Yesterday you heard about Blueborne, a vulnerability in the Bluetooth specification that allows remote attackers to take over your device and just generally do whatever with it. While there’s no solution in sight for this issue (and literally billions of devices remain vulnerable because of a lack of support), the workaround is that you just turn off Bluetooth when you’re in public. That might mean that you can’t use your Bluetooth headsets and some smartwatches, true, but the slight annoyance outweighs the risks of being possibly compromised and have your personal information stolen. To help with identifying how vulnerable you may be, Armis Labs, the discoverers of the Blueborne vulnerability, have made an Android app that helps identify vulnerable devices around you.
How the scanner works is rather simple. It will ping Bluetooth devices around you and look for a build number in the firmware for the Bluetooth driver stack, or query what the patch level is for an Android device. If it matches what Armis has identified as being vulnerable to attacks in their labs, it is flagged as a high risk device. This means that while it might be the case that a device is secure thanks to updates being seeded to fix this problem, it might still register as being vulnerable because Armis’ database hasn’t been updated. The app will check your phone in a similar way, but it will be able to read more information to determine if the vulnerability is patched on your device or not.
Medium risk devices will also show up, and these might be devices running Apple iOS, or some version of Linux that the scanner can’t determine exactly, but it will still identify as Linux. Some devices receive updates over the internet on a regular basis, and for that reason they aren’t as high-risk because there’s a good chance they’ll be patched soon enough. In addition, some devices aren’t vulnerable to all of the attacks that Armis Labs disclosed recently, so some attacks are less harmful and have a lower risk associated with them.
Low risk devices will be things like a Fitbit, a Bluetooth mouse, an older phone, or a speaker. These are not susceptible generally to information theft like other devices are, but they might still have vulnerabilities that haven’t been discovered yet. If there’s anything bad about the scanner, it’s that it cannot identify Bluetooth devices which are not set to be discoverable, which means that there might be devices in a workplace or in public that won’t be found by the scanner, but can be found by a hacker with the right tools. If you’re a technician or system administrator responsible for security, you might have to use a more hands-on approach to find vulnerable devices.