For some devices, corrective updates are simply not available.
In September 2017, researchers from Armis released information on eight vulnerabilities, commonly known as Blueborne, affecting Bluetooth implementations in devices based on various platforms – Android, Windows, Linux and iOS (up to iOS 10 version). In the worst case, the exploitation of the problem made it possible to obtain complete control over the device and the data contained therein. According to experts at that time, the number of vulnerable devices exceeded 5 billion.
As thenew analysis showed, a year later, about 2 billion devices remain vulnerable to these attacks. According to experts, the reason for this is two factors: many users have not applied the patches issued by manufacturers, and for some devices, corrective updates are simply not available, in particular, for obsolete equipment, which vendors are going to stop supporting in the near future.
According to researchers, unprotected from this type of attack remains 768 million devices based on Linux; 734 million Android gadgets (running Android 5.1 Lollipop and below); 261 million devices based on Android 6 Marshmallow and earlier; 200 million devices based on vulnerable versions of Windows; 50 million gadgets running iOS 9.3.5 and below.
Over the past year, experts in the field of cybersecurity have identified many vulnerabilities associated with the implementation of Bluetooth. For example, in July of this year, employees of the Israeli Institute of Technology discovered a cryptographic vulnerability (CVE-2018-5383) affecting numerous Bluetooth implementations and drivers from a number of vendors, including Apple, Broadcom, Intel and Qualcomm.