Technologist - The FindLaw Legal Technology Blog

Hackers' New Way to Attack Phones Using Bluetooth

Back in the day, you looked over your shoulder to make sure no one was following you. Now you have to look in your pocket or your purse.

That's because hackers have found another way to get information from your cell phone or mobile device. They can access your data through Bluetooth technology.

In other words, they don't even need to touch your phone. Now hackers do it in the air.

Ten-Second Rule

Security company Armis found the vulnerabilities, called BlueBorne, that attackers can use to access phones, computers, and IoT devices. Basically, they can get to everything that connects to the internet.

"Armis believes many more vulnerabilities await discovery in the various platforms using Bluetooth," the company reported. "These vulnerabilities are fully operational, and can be successfully exploited, as demonstrated in our research."

With the BlueBorne exploits, a hacker can take control of a device or make it give up information. The attack will "wake up" your phone and start working in a matter of 10 seconds.

"This attack does not require any user interaction, authentication or pairing, making it practically invisible," Armis said.

Protecting Devices

TechCrunch said that Windows and iOS phones are protected, and Google users are receiving a patch. Other devices could still be vulnerable.

For lawyers, it emphasizes the need to check for cybersecurity regularly. Professional responsibility rules require attorneys to "safeguard information relating to the representation of a client," including the "inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client."

A few years ago, that meant using antivirus software, malware protection, or data encryption. This week it also means making sure your cell phone's Bluetooth is off.

Related Resources: