BlueBorne Vulnerability Scanner Checks if Your Device is Vulnerable
This week, it was discovered that there was a nasty collection of vulnerabilities that impact devices with Bluetooth connectivity. Armis Labs had discovered this attack vector was present on all major consumer operating systems (Windows, Linux, iOS, Android) no matter what type of device it is (desktop, laptop, smartphone, tablet, wearable, IoT). If you have a device with Bluetooth (except those using only Bluetooth Low Energy) that’s running an unpatched version of the software then it is vulnerable to BlueBorne.
So not only is the BlueBorne attack vector a big deal due to the number of devices which are vulnerable to it, but someone can completely take over your device from 32 feet away without you even needing to tap a link or download/install any malicious software. Another reason why it’s such a big deal is because it can spread from device to device (being airborne) and you don’t even have to have Bluetooth set to discoverable mode for it to happen either.
As we reported, the only way to be completely safe from this vulnerability is to update to September’s Android security update or turn off Bluetooth entirely. Since there’s some confusion about who is vulnerable to this vulnerability or not, the folks over at Armis Labs has put together a new application called BlueBorne Vulnerability Scanner by Armis. It’s a free download from the Play Store that helps you to figure out if you’re vulnerable or not.
Launching it will let you do an initial scan for the vulnerability. I’m not exactly sure how this scan is done (possibly by checking the Android security patch level), because I had Bluetooth off and was still told my Pixel XL was vulnerable (which it is since I haven’t installed the September security update). Now, once you complete your initial scan, you can actually do a scan for surrounding devices which are also vulnerable to BlueBorne.
This additional scan does require Bluetooth to be enabled and it also requires access to location services. Once both are granted, you will get a radar style image (like the one shown above) which shows you other devices in your area that could also be vulnerable.