Armis Labs, an Internet of Things (IoT) security company, has publicly revealed a new Bluetooth vulnerability called “BlueBorne.” This vulnerability allows hackers to take complete control over Bluetooth enabled devices. This vulnerability affects all devices with Bluetooth capabilities including smartphones, laptops, smart watches, and TVs. Google, Microsoft and Linux will be releasing patches. Apple devices have been patched since the roll out of iOS 10 in September 2016. According to Armis, there are approximately 2 billion Android and Linux devices that cannot be patched.
Since its inception in 1982, Bluetooth has been plagued with security issues and this latest flaw is further proof of the security risks with Bluetooth. Remember that exploitation of any this and any Bluetooth vulnerability requires proximity to the device, depending on whether the device is indoors or outdoors.
What you can do
When conducting a HIPAA security risk analysis, make sure an inventory of Bluetooth capable devices is covered. Patch all devices and if that is not possible, the best defense is to turn off Bluetooth.