
One Year Later, Over 2 Billion Devices Still Exposed to BlueBorne Attacks

One year after researchers disclosed the Bluetooth vulnerabilities dubbed BlueBorne, more than 2 billion devices are believed to still be vulnerable to attacks, either because their owners have failed to install patches or due to the fact that no patches are available.

The BlueBorne vulnerabilities were disclosed in September 2017 by Armis Labs, a company that specializes in protecting Internet of Things (IoT) devices. Its researchers found that nine Bluetooth implementation flaws affected mobile, desktop and IoT systems, including Android, iOS, Windows and Linux devices.

Armis later revealed that Amazon Echo and Google Home devices were also vulnerable to these attacks.

An attacker who is in range of the targeted device can exploit one of the BlueBorne flaws for remote code execution or man-in-the-middle (MitM) attacks without user interaction, simply by knowing the type of operating system used by the victim.

Armis, which estimated that the security holes initially impacted roughly 5.3 billion Bluetooth-enabled devices, warned that BlueBorne can be used to deliver malware – including a worm that spreads to other devices via Bluetooth – take control of phones and computers, and redirect victims to arbitrary websites.

Armis now estimates that roughly two-thirds of the 5.3 billion impacted systems received updates that should protect them against BlueBorne attacks. However, there are still over 2 billion devices that are vulnerable.

Of these, the company says roughly one billion are running a version of Android that no longer receives security updates, including Android 5.1 Lollipop and earlier (734 million), and Android 6 Marshmallow and earlier (261 million). Another 50 million devices are running iOS 9.3.5 and earlier, which have not received patches.

Armis also estimates that 200 million devices worldwide are running vulnerable versions of Windows, and 768 million devices are running an unpatched or unpatchable version of Linux. These Linux systems include servers, smartwatches, medical devices and industrial equipment.

“An inherent lack of visibility hampers most enterprise security tools today, making it impossible for organizations to know if affected devices connect to their networks,” Armis VP of Research Ben Seri wrote in a blog post. “Whether they’re brought in by employees and contractors, or by guests using enterprise networks for temporary connectivity, these devices can expose enterprises to significant risks.”

Armis pointed out that it had informed vendors about the BlueBorne vulnerabilities five months prior to making its findings public. However, many still only released patches tens and even hundreds of days after the public disclosure.

“Exploits like BlueBorne take a long time to go away,” Seri said. “This is because many of the impacted devices can’t be patched. In fact, we often have to wait until a device is retired or taken out of operation and turned off before it no longer poses a risk. As we look across each of these platforms, Linux and Android have the longest tail, which aligns with what we are seeing in the marketplace.”

Armis noted that following the disclosure of the BlueBorne attack the cybersecurity industry once again started focusing on the threat posed by Bluetooth vulnerabilities. This led to the discovery of several potentially serious flaws affecting iOS and Android devices and even cars.

Most recently, in July, a team of researchers at the Israel Institute of Technology disclosed some Bluetooth implementation flaws that can allow an attacker in physical proximity of two targeted devices to monitor and manipulate the traffic they exchange.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
