An airborne computer virus with the ability to infect billions of phones and other devices has been identified by internet security analysts. The so-called ‘BlueBorne vulnerability’ allows malicious virus attacks to spread from device to device over bluetooth without the owner’s knowledge.
Ty Miller, managing director of international cyber security firm Threat Intelligence, said this could be one of the most dangerous security flaws that has come out to date.Mr. Miller said the BlueBorne infection method was more dangerous than past attacks, such as the WannaCry ransomware attack. That is because the virus is airborne and can spread without people clicking on a link or being on the internet.
“It’s estimated to potentially affect up to 8 billion around the world, and that’s because it’s got the capability to infect Window, Linux, Android and iOS devices prior to iOS 10,” he said.”So the latest iOS isn’t affected.”
BlueBorne was identified by researchers from Armis Labs, who alerted tech companies as far back as April, so that security patches and upgrades could be created before hackers had the chance to exploit the ‘vulnerability’.Armis Labs has now released warning videos, telling of the danger of BlueBorne.
“It spreads locally over the air, via Bluetooth and the hacker does not need pair with the target device,” the Armis Labs warning says.
But even though there are security patches available, unprotected systems, of which there are billions of devices around the world, remain vulnerable to a BlueBorne attack.
So how does it work?
Armis Labs said unlike regular cyber-attacks, a BlueBorne attack can target any vulnerable device that has bluetooth. It gets into devices from phones to printers, computers and smart TVs by exploiting a weakness in the bluetooth software.
Mr Miller said the virus can then spread exponentially over the air. “You could be simply walking down the street [and] you walk past someone who is vulnerable and suddenly they are infected,” he said. He said as people pass each other by, the virus passes undetected over bluetooth and without permission. “As that keeps going on more and more people would become infected without even knowing it,” Mr Miller said.
“And that’s a critical attack because it’s airborne and can spread just by being near someone, and it affects most of the major operating systems and devices that are on the internet.”The spread has a similar “vector” to deadly human diseases or viruses, like ebola. If this was weaponised and turned into a self-propagating virus then you would see the initial infection point, you would see it spreading from there,” Mr Miller said. Just like an infectious human virus, it could spread from country to country without detection.
Mr Miller said people could fly to other countries, unknowingly travelling with their infected phone.”Then they land in that other country and suddenly the virus starts spreading [there],” he said.
BlueBorne ‘the tip of the iceberg’
The good news is that security researchers have detected it before hackers have had a chance to exploit it, and they have alerted tech companies. But Mr Miller said the spread of infection was still possible because people are often slack about updating their security software and operating systems. “Or when you start looking at your printers, the new TV’s, new watches, home system, the medical appliances — they don’t tend to get updated because they just sit there and people forget about them,” he said.Mr Miller said there was also a reluctance to upgrade software on bluetooth enabled medical equipment in case it affects the operation of the device.
And BlueBorne may not be the only airborne computer virus, but just the one that has been found. Armis Labs has conceded that this discovery could be the tip of the iceberg. “There could be quite a few more coming after this,” Mr Miller said.