A Bluetooth attack announced just last month revealed vulnerabilities in most major operating systems: Windows, iOS, Android, Linux… This leads to a series of worrisome questions. They are amplified by stories from my friends who have used Bluetooth hacks to turn on a cellphone microphone and listen in on nearby conversations.
Are they listening to my Bluetooth phone conversation right now?
Does this mean the end of life as we know it in our interconnected world?
Is my strategic boardroom discussion getting out?
Can someone take control of the Internet of Things?
Will my new smart refrigerator be the next victim?
It’s hard to be an intruder
Anyone who has worked in penetration testing will tell you that it’s not so easy to be an intruder. Aside from script-kiddie attacks, an intruder needs to know something (often a lot) about the system being attacked. Every system has a limited attack surface, and only the right exploit will “get in”. Once a foothold has been achieved, only a limited set of actions is available to the attacker. Some operating systems’ Bluetooth vulnerabilities allow intercepting network connections. Others only reveal pieces of memory. A real intrusion professional knows more about your system than you do and can use limited vulnerabilities to “own” a system.
Protect critical Bluetooth systems
Patching operating systems blunts the BlueBorne attack. Windows and Apple’s operating systems were vulnerable until they were patched in July. Some operating systems will probably be vulnerable forever, like the Android systems used by the Internet-of-Things gadgets in your home and car.
Yes, I am a tech paranoid. Here are my suggestions.
- Immediately ditch devices with ancient operating systems like Windows XP and Vista.
- Keep devices updated. At least that protects from yesterday’s discovered/announced/patched vulnerabilities.
- Turn off Bluetooth if it is not necessary. For modern iOS devices this process is really confusing.
- Be suspicious of things that can listen to the room. Kids’ toys need a dose of glue in the microphone.
- Clean the boardroom of unused tech gadgets. We can help; protecting boardrooms is what we do.