A new attack aimed at every computer, mobile device, smart TV or other IoT device running on Android, Linux, Windows, and pre-version 10 of iOS operating systems could open up your systems and facilities to number of significant vulnerabilities.
The newly-identified “BlueBorne” vector “allows attackers to take control of devices, access corporate data and networks, penetrate secure ‘air-gapped’ networks, and spread malware laterally to adjacent devices, according to digital security experts at Armis.
Unlike other malicious digital attacks, BlueBorne requires no action on the part of the user to work. It’s an “airborne” attack that spreads through Bluetooth connections. Users don’t have to click a link, download an app, or take any other action to spread the attack. It simply spreads itself.
Once BlueBorne gains access to a device, the device can be exploited for espionage, theft, ransom or DDoS attacks.
Considering the rapid growth of IoT connected devices, and the prevalence of the use of mobile devices to control everything from building access to critical systems, both IT and facility managers should rightly be concerned.
But according to HID, users of its products have limited exposure to risk. Its HID iClass SE readers are unaffected by BlueBorne.
Mobile devices that interact with their readers could be at risk of infection, however. To reduce risk and avoid infection, all mobile device users who interact with HID readers should be instructed to download the latest security updates for their device, and make sure they are kept up to date. All devices which run on iOS 9.3.5 or lower smart devices are affected, as are all Bluetooth-capable Android devices with that have not yet been updated to the latest Android security update released by Google in September.
Another route for concerned Android users would be to disable Bluetooth and rely on Near Field Communication (NFC) to access facilities.
For concerns about other types of systems that rely on Bluetooth or interact with Bluetooth-connected devices, contact the manufacturer of those products for specific details. You can also contact our IT team at (502) 632-4322 for system design information and guidance.Tags: Commercial Security, cyber security, Security