Geeks2U Promise
We guarantee you'll love our fast, friendly service - or we'll refund your money.  
133,572 Happy Customers & Counting
Need tech support?
1300 769 448
Extended hours, 7 days a week
Home  /  geekspeak  /  Should BlueBorne have you feeling blue?

Should BlueBorne have you feeling blue?

Security used to be one of those factors that was hard-wired into any financial software product or generally security focused-application, but in recent years we’ve seen a massive growth in the number of exploits that attack other software vectors in order to gain control of, or access to a system.

The latest potentially troublesome vulnerability to be discovered has been dubbed “Blueborne”, because it’s a vulnerability that exploits weaknesses in older implementations of the Bluetooth standard to both attack vulnerable systems and spread itself. Because of the way it transmits over Bluetooth, a Blueborne attack could, in theory, spread simply by walking past another infected device with your own Bluetooth-capable device — for example a smartphone or tablet — which would then “accept” the attack itself, and become a new malware vector.

That’s a vulnerability with a potentially massive scope, because pretty much every smartphone and tablet, and most laptops and even some desktop PCs have inbuilt or add-on Bluetooth modules. The attack targets a common way that the standard uses to initiate communications, so unlike, for example, data transmission over Bluetooth such as file transfers or audio streaming, it’s already present before any user acceptance buttons or warnings would ever pop up on screen.

That sounds grim, and in theory it could allow an attacker to wander around, compromising machines at will simply by walking past them, but there are some silver linings to this particular malware story.

In the first place, the vulnerability was discovered by security researchers at Armis Labs, rather than malware authors. That’s important, because a known vulnerability is one that can be patched over, where an unknown exploit is one that’s not likely to be addressed. It’s the difference between knowing you’ve lost your keys, so the locks need to be changed, and not knowing that there’s somebody out there with a set of keys at all. As such, software patches can be written and some systems should be updated to block anyone trying to take advantage of the exploit. Which doesn’t mean it’s dead in the water, but it does blunt a lot of its potential effectiveness.

This should, by the way, serve as your timely reminder to apply all the available update and security patches to your desktops, laptops, tablets and smartphones, because it’s precisely this kind of problem that those patches can block, even if you don’t know that they’re doing so.

The second bit of good news relates precisely to those updates, because the most obvious vector for these kinds of exploits are smartphones. They’re usually all Bluetooth-enabled devices, they’re very mobile and as such they’re far more likely to wander into range of a potentially exploited system. If you’re running up-to-date iOS on an iPhone (iOS 10 at the time of writing, although it’ll be iOS 11 as of 19/20th of September), then you’re already secure. If your device is running iOS 9.3.5 or earlier, however, there may be an issue, and if a software upgrade isn’t available due to hardware age, disabling Bluetooth may be wise. On the Android side of the issue, if you’re using a device on Android 6.0 (“Nougat”) or Android 7.0 (“Marshmallow”) then the September security update deals with Blueborne entirely. However, the spread of that security update varies by Android hardware manufacturer. Hopefully the threat will convince some tardy manufacturers to speed the patching process, but for older hardware that can’t even handle Android 6.0, again there’s a possible threat.

For Windows users, as long as you’re running Windows Vista or better and you have applied the September security updates. Microsoft isn’t supplying security updates for earlier versions of Windows than that any more to speak of, so again, caution is advised. It’s not entirely clear whether the shared source code libraries of Mac systems are vulnerable or not, but you’re definitely advised to upgrade (which Apple does for free for qualifying systems) to at least macOS Sierra, which should be Blueborne-free.


Recent News

Social media can be a huge force for change, and in these times where many of us are bouncing in and out of lockdowns, also a vital lifeline for communication on everything from important matters to the wildly trivial. We’re all allowed our personal obsessions, after all. However, many of us don’t think about the

Microsoft recently released its first public-facing beta version of the Windows 11 operating system that it will ship later this year. You’ve got to be signed up to its Windows Insider program to get it – and be willing to accept a little risk in terms of unstable operating systems – but then this is

Telstra recently announced that its 5G coverage for its mobile phone network covers around 75% of the Australian population. It’s also announced the “longest” (as in range) 5G phone call in the world, spanning some 113km in Gippsland. Meanwhile, rival telco Optus has claimed that it’s hit 300mbps upstream on trials of its emerging mmWave

Microsoft recently announced its next generation of the Windows operating system, Windows 11. If you’re thinking that seems odd given it did announce some years back that Windows 10 would be the “final” version of Windows, you’re not alone. For many years now, Microsoft’s simply provided Windows 10 updates rather than “new” versions of Windows,

Coronavirus (COVID-19) Update

Learn about the precautions we are taking and our new contactless pick-up and remote service options. Read More
Get help setting up your home office or homework area today. Learn More