9

Armis Labs lately revealed a new attack vector that attacks essentially all major OSes, including those used on IoT devices, via Bluetooth. BlueBorne is reported to spread malware laterally to adjacent devices - which sounds pretty much like an IoT nightmare to me.

According to Armis Labs' website, the Linux-based Tizen OS, a consumer-oriented platform for things like smart refrigerators, is affected. Things like my[1] Samsung RB38K7998S4/EF are supposedly vulnerable.

Given that any official patch to fix the bug may take Samsung some time, how can one secure the refrigerator meanwhile against BlueBorne?

Is it possible to completely disable Bluetooth as a mere user? I.e. can one blacklist the core Bluetooth modules, disable and stop the Bluetooth service, and remove the Bluetooth modules as outlined in this general Linux question (How do I secure Linux systems against the BlueBorne remote attack?)?


[1]: Just kidding of course, I would not buy a fridge worth 3+ k€... but the question still stands.

Ghanima

1 Answer

4

That is one of the many problems with IoT devices: The operating systems are proprietary, and you do not have root access to them. Furthermore, disabling kernel modules is generally too complex for most users.

Additionally, there's a large number of models, and updates typically stop before the end of life for the product, leading to unpatched code in the wild. As they are internet connected, they may be attacked remotely, and may even participate in new attacks, as they are in essence full computers with a network stack.

Bruce Schneier has written a good essay about IoT security where he highlights many of these problems.

So TL;DR: As a consumer, there's nothing you can do.

vidarlo
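For the generic Linux steps the question lists (blacklisting and removing the Bluetooth modules), this is a check that the modules can no longer be loaded, given as an added example that is not part of the original posts. It needs a shell on the device, which the answer notes a consumer appliance does not offer; the module names `bluetooth`, `btusb` and `bnep` and all function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original posts. Module names are the usual
# mainline Linux Bluetooth ones (assumption); vendor images may differ.
BT_MODULES="bluetooth btusb bnep"

# bt_module_state MODULE PROC_MODULES_FILE MODPROBE_DIR
# Prints: loaded | blocked | blacklist-only | loadable
bt_module_state() {
    mod=$1 proc=$2 dir=$3
    # First field of each /proc/modules line is a loaded module's name.
    if awk -v m="$mod" '$1 == m { f = 1 } END { exit !f }' "$proc"; then
        echo loaded; return 0
    fi
    # "install MOD /bin/false" (or /bin/true) also stops explicit and
    # dependency-triggered loads that go through modprobe.
    if cat "$dir"/*.conf 2>/dev/null | awk -v m="$mod" '
        $1 == "install" && $2 == m && ($3 == "/bin/false" || $3 == "/bin/true") { f = 1 }
        END { exit !f }'; then
        echo blocked; return 0
    fi
    # "blacklist MOD" alone only suppresses alias-based autoloading.
    if cat "$dir"/*.conf 2>/dev/null | awk -v m="$mod" '
        $1 == "blacklist" && $2 == m { f = 1 } END { exit !f }'; then
        echo blacklist-only; return 0
    fi
    echo loadable
}

# bt_audit PROC_MODULES_FILE MODPROBE_DIR
# Prints "module=state" per module; non-zero unless every module is blocked.
bt_audit() {
    rc=0
    for m in $BT_MODULES; do
        s=$(bt_module_state "$m" "$1" "$2")
        echo "$m=$s"
        [ "$s" = blocked ] || rc=1
    done
    return $rc
}

# Constructed sample: bluetooth and btusb loaded, bnep merely blacklisted.
bt_demo() {
    tmp=$(mktemp -d) && mkdir "$tmp/modprobe.d" || return 2
    printf 'btusb 65536 0 - Live 0x0\nbluetooth 700416 1 btusb, Live 0x0\n' >"$tmp/modules"
    printf 'blacklist bnep\n' >"$tmp/modprobe.d/bt.conf"
    bt_audit "$tmp/modules" "$tmp/modprobe.d" && rc=0 || rc=$?
    rm -rf "$tmp"; return $rc
}
# On a real host: bt_audit /proc/modules /etc/modprobe.d
```

The check reads a single configuration directory; modprobe also honours others such as `/lib/modprobe.d` and `/run/modprobe.d`, so run it against each one that exists.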