HomeWinBuzzer NewsMicrosoft Patches Windows to Protect Against Bluetooth Vulnerability Epidemic

Microsoft Patches Windows to Protect Against Bluetooth Vulnerability Epidemic

Security firm Armis has described four of eight Bluetooth vulnerabilities as critical. Microsoft and Google are two major platform companies to issue patches to protect against the problems.


and are two tech companies who have parched their devices to protect against several vulnerabilities found in . Security firm Armis has discovered eight separate vulnerabilities related to the short-range wireless connection network. Four of those vulnerabilities are described as critical.

Of course, Bluetooth is widely spread and is currently functional on 5 million devices. The connection method is common across , Windows, Linux, and all iOS devices before iOS 10.

Armis calls the collection of vulnerabilities BlueBorne and says the problems are “epidemic”:

“These vulnerabilities are the most serious Bluetooth vulnerabilities identified to date,” Armis said on Tuesday. “Previously identified flaws found in Bluetooth were primarily at the protocol level. These new vulnerabilities are at the implementation level, bypassing the various authentication mechanisms, and enabling a complete takeover of the target device.”

Bluetooth was conceived in 1998 and quickly became the standard format for connecting two devices over a short distance. It has also been used to pair peripherals and accessories with devices.

However, it is also a complex platform with a specification running some 2,822 pages. In comparison, Wi-Fi specification is only 450 pages. Due to this complexity, Bluetooth is often left alone in terms of meeting protocols.

Hacking Devices

It also means, if attackers can get by the complexity, vulnerabilities can be buried and lost. BlueBorne gives hackers the ability to control a device and all of its contents. Because Bluetooth is a pairing network, attackers can also spread vulnerabilities and control to other devices.

You may think this would only be possible if Bluetooth is turned on for the receiving device. However, a device is always listening for a connection, so a hacker would simply need the device address (BDADDR).

“If the device generates no Bluetooth traffic, and is only listening, it is still possible to ‘guess' the BDADDR, by sniffing its Wi-Fi traffic,” Armis explains. “This is viable since Wi-Fi MAC addresses appear unencrypted over the air, and due to the MACs of internal Bluetooth/Wi-Fi adapters are either the same, or only differ in the last digit.”

Luke Jones
Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.

Recent News