BlueBorne: Protecting Your Phones

TL;DR

BlueBorne was a serious cyber security vulnerability affecting many Bluetooth devices, including phones. While the initial threat has subsided thanks to patches, keeping your phone’s software updated is still the best defence. This guide explains how to check and update your phone, plus extra steps for staying safe.

What was BlueBorne?

BlueBorne (CVE-2017-10946) was a set of vulnerabilities in Bluetooth implementations that allowed attackers to remotely take control of devices without needing pairing. It spread between phones, tablets and computers via Bluetooth connections. The scary part? No interaction from you was needed – it could happen just by having Bluetooth turned on.

How to Protect Your Phone

  1. Check Your Operating System Version: This is the most important step.
    • Android: Go to Settings > About phone > Software information. Note down your Android version and Security patch level.
    • iOS (iPhone/iPad): Go to Settings > General > About > Software Version. Note down your iOS version.
  2. Update Your Phone’s Operating System: Manufacturers released updates to fix BlueBorne.
    • Android:
      1. Go to Settings > Software update (or System update – it varies by phone maker).
      2. Tap ‘Download and install’. Your phone will check for updates.
      3. If an update is available, download and install it. Important: Make sure your phone has enough battery charge (at least 50%) or is plugged in during the update process.
    • iOS:
      1. Go to Settings > General > Software Update.
      2. If an update is available, tap ‘Download and Install’. Follow the on-screen instructions. Important: Ensure you have enough storage space for the update.
  3. Check Your Phone Manufacturer’s Website: Sometimes updates roll out slower through the phone’s settings.
    • Visit your phone manufacturer’s support website (e.g., Samsung, Google, Apple). Search for security updates related to Bluetooth or BlueBorne for your specific model.
  4. Disable Bluetooth When Not In Use: This significantly reduces the attack surface.
    • On Android and iOS, you can quickly toggle Bluetooth on/off from the quick settings panel (swipe down from the top of the screen).
  5. Be Careful with Public Bluetooth: Avoid pairing with unknown devices in public places.
    • Only pair with devices you trust.
    • If you must pair, confirm the PIN code displayed on both devices before connecting.
  6. Keep Your Apps Updated: While BlueBorne directly affected Bluetooth, outdated apps can still be a security risk.
    • Regularly update your apps through the Google Play Store (Android) or App Store (iOS).

Checking for Vulnerability (Advanced – Android only)

You can use a tool like BlueBorne Scanner, but this requires some technical knowledge and familiarity with the command line.

  1. Install Termux: Download and install Termux from F-Droid (https://f-droid.org/en/packages/com.termux/).
  2. Open Termux and Install Dependencies: Run the following commands:
    pkg update && pkg upgrade
    pkg install bluetooth nmap python git
  3. Clone the BlueBorne Scanner Repository:
    git clone https://github.com/postmarketOS/blueborne.git
  4. Navigate to the Directory:
    cd blueborne
  5. Run the Scan:
    python blueborne.py --scan

    This will scan for vulnerable Bluetooth devices nearby.

Warning: Using Termux and command-line tools can be complex. Be careful when running commands, and only use trusted sources.
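
The security patch level noted in step 1 of "How to Protect Your Phone" can also be read and checked from the Termux shell. The script below is an added example, not part of the original guide or of any scanner project; it assumes the Android BlueBorne fixes are included from security patch level 2017-09-01 onwards, and the function names are made up for illustration.

```sh
#!/bin/sh
# Added example, not from the original guide.
# Assumption: the Android BlueBorne fixes are included in security patch
# level 2017-09-01 and every later level.
BLUEBORNE_FIX_LEVEL="2017-09-01"

# classify_patch_level LEVEL
# Prints "patched", "vulnerable" or "unknown" for a YYYY-MM-DD patch level.
classify_patch_level() {
    cpl_level=$1
    # Accept only the exact YYYY-MM-DD form; empty or odd values are "unknown".
    case $cpl_level in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo unknown; return 0 ;;
    esac
    # Fixed-width ISO dates compare correctly as integers once dashes are removed.
    cpl_have=$(printf '%s' "$cpl_level" | sed 's/-//g')
    cpl_need=$(printf '%s' "$BLUEBORNE_FIX_LEVEL" | sed 's/-//g')
    if [ "$cpl_have" -ge "$cpl_need" ]; then
        echo patched
    else
        echo vulnerable
    fi
}

# report_device
# Reads the patch level from the running Android build via getprop.
# The property is empty on builds that do not report a patch level.
report_device() {
    rd_level=""
    if command -v getprop >/dev/null 2>&1; then
        rd_level=$(getprop ro.build.version.security_patch)
    fi
    echo "patch level: ${rd_level:-not reported} -> $(classify_patch_level "$rd_level")"
}

# Constructed sample values, then the device itself.
for sample in 2017-08-05 2017-09-01 2019-12-01 2017-9-1; do
    echo "$sample -> $(classify_patch_level "$sample")"
done
report_device
```

A result of "unknown" means the build did not report a patch level in the expected form; in that case check the manufacturer's support site as described in step 3.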

Staying Vigilant

Cyber security is an ongoing process. Regularly check for updates, practice safe Bluetooth habits, and stay informed about new threats.
