![\"\"](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/09\/logo-blueborne.png\"){kind=logo}
<\/p>\n<\/p>\n
From the number of inquiries Intego has received throughout the past week, it’s evident that “BlueBorne” is something of concern for a lot of users of Apple products.<\/p>\n
Let’s start with briefly explaining what BlueBorne is, and then delve into how it might affect you and your Apple devices.<\/p>\n
Armis, a company focused on Internet of Things (IoT) security, recently published a site<\/a> and a white paper<\/a> detailing eight Bluetooth-related vulnerabilities that they collectively call “BlueBorne.”<\/p>\n The name BlueBorne is a portmanteau of the words Bluetooth and airborne, because BlueBorne attacks are wireless by nature.<\/p>\n Bluetooth pairing and discoverability mode are not required by the attack.<\/p>\n The company claims that, if exploited, BlueBorne vulnerabilities could make it possible for an attacker to do such nefarious things as take complete control of affected devices, steal data in transit, and spread malware.<\/p>\n And here’s the kicker: all of this can be done without requiring any user interaction.<\/em><\/p>\n Because such an attack can be carried out surreptitiously, affected users may have no idea that their Bluetooth-enabled systems have been compromised by an attacker.<\/p>\n The following Apple products are specifically called out by Armis as being vulnerable to BlueBorne attacks<\/strong>:<\/p>\n All devices still running the outdated iOS 9 are affected.<\/p>\n Note that not all versions of Apple hardware can run a more current version of their respective operating systems.<\/p>\n In particular, the following Apple products (and older versions) cannot be upgraded<\/strong> to an operating system version that protects against BlueBorne attacks:<\/p>\n According to the Armis report, iOS 10 and later are not susceptible to the BlueBorne vulnerabilities.\u00a0 Therefore if you have a newer<\/em> device than the ones listed above, you’ll need to make sure you’ve updated to the highest version of the operating system that your device supports.<\/p>\n You can go to the Settings app on your device to check whether an operating system update is available.\u00a0 On iOS devices, tap on Settings, then General, then Software Update.\u00a0 (To see what version of iOS you currently have, you can tap on About instead of Software Update.)<\/p>\n (Keep in mind that many devices from other manufacturers, including devices running Android, Windows, or Linux operating systems\u2014including Samsung devices such as their Gear S3 smart watch and their Family Hub smart refrigerator\u2014are also affected. For non-Apple devices that may be affected, check with the manufacturer to see if an update is available.)<\/p>\n We noted that Armis made no public mention of Mac or macOS, or Apple Watch or watchOS, in their reports, so we reached out to them for comment.\u00a0 They responded:<\/p>\n “At this time, Armis has not identified any macOS that are vulnerable to BlueBorne.”<\/p>\n They also commented that “watchOS is not vulnerable at this time,” with the caveat that they needed to confirm with their researchers whether previous versions of watchOS were exposed.<\/p>\n If you don’t use Bluetooth, you can mitigate the BlueBorne vulnerabilities by turning off the Bluetooth radio on your affected Apple device.\u00a0 This can be done via the Settings app.\u00a0 Once your device indicates that Bluetooth is off, you’re protected from BlueBorne.<\/p>\n However, if your hardware is so old that you can’t upgrade to iOS 11 or tvOS 11, that means your device is susceptible to quite a few more unpatched vulnerabilities than BlueBorne alone; merely turning off Bluetooth won’t protect you from many other dangerous vulnerabilities.<\/p>\n You should strongly consider upgrading to newer hardware that is capable of running iOS 11 or tvOS 11<\/strong>, of which the bare minimum includes:<\/p>\n If you have a compatible device, upgrade to iOS 11.<\/p>\n Sure, you can<\/em>… if you trust Bluetooth. Armis, however, warns that although iOS 10 and iOS 11 are not vulnerable to the BlueBorne attack, they believe “many more vulnerabilities await discovery in the various platforms using Bluetooth.”<\/p>\n Other security professionals including Steve Gibson have long cautioned<\/a> to turn off any wireless radios that you don’t actively use. Gibson has noted that Apple has a habit of reenabling Bluetooth after every major and minor iOS upgrade, even if the user has explicitly turned it off.<\/p>\n Our advice?<\/p>\n If you don’t use Bluetooth at all, you might as well leave it off, and after each iOS update make sure to turn it off again.<\/p>\n If you do use Bluetooth on a regular basis, consider turning it off whenever you’re not using it; it’s fairly easy to turn it off and back on.<\/p>\n Well, at least it used to be.<\/p>\n Take caution if you’ve upgraded to iOS 11, because when you attempt to disable Bluetooth or Wi-Fi from the new Control Center by swiping up from the bottom of the screen, it doesn’t actually turn the radios off.<\/p>\n![\"\"](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/09\/bluetooth-logo-300x73.png\"){kind=logo}
Armis claims in their press release<\/a> that “nearly all devices with Bluetooth capabilities, including smartphones, … laptops, watches, smart TVs, and even some automobile audio systems, are vulnerable to this attack.”<\/p>\nWhich Apple devices are affected?<\/h3>\n
\n
![\"\"](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/09\/iOS-9-icon-1024x1024-300x300.png\"){kind=icon}
<\/p>\n\n
Are Macs affected? What about Apple Watch?<\/h3>\n
![](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/09\/apple-watch-on-macbook_1920-1024x683.jpg\")
\u2705 Apple Watch and Mac are not known to be vulnerable to BlueBorne. Image: AlexBor<\/a><\/p>\nMy Apple product is on your list of vulnerable devices! ? What can I do?<\/h3>\n
\n
![\"\"](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/09\/iOS-11-icon-340x340-300x300.png\"){kind=icon}
<\/p>\nSo if I’m running iOS 10 or later, is it okay to leave Bluetooth enabled even when I’m not using it?<\/h3>\n
![\"\"](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/09\/bluetooth_disabled_320px.png\")
<\/p>\n![\"\"](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/09\/ios11-iphone7-control-center-network-settings-animation-147x300.gif\")
As of iOS 11, you can’t truly turn off Bluetooth by swiping up anymore. Image: Apple<\/a><\/p>\n