When in doubt, throw it out

Updating your devices, whether that’s a desktop, a laptop or a phone, may seem like a real hassle. Being nagged by a notification every hour or so is really annoying, especially when you have lots to do. It’s so much easier just to ignore or delay those updates. No harm in putting it off until later, right?

Well, you could do that, but keep in mind that with every day you delay, the risk to your device or system increases exponentially. Modern malware, especially the advanced persistent threat variety, is extremely mobile and essentially relies on users being slow to patch vulnerabilities. And this isn’t an empty threat. Just in the past few weeks, researchers revealed an attack vector they had devised that uses the wireless technology of a mobile device to hack a wide range of devices, including those running Android, Linux, and, until a patch became available in July, Windows. Older versions of operating systems, on phones in particular, are extremely vulnerable to it.

“BlueBorne”, as the researchers have dubbed their attack, is notable for its unusual reach and effectiveness. Virtually any Android, Linux, or Windows device that hasn't been recently patched and has Bluetooth turned on can be compromised by an attacking device within 32 feet. It doesn't require device users to click on any links, connect to a rogue Bluetooth device, or take any other action, short of leaving Bluetooth on. The exploit process is generally very fast, requiring no more than 10 seconds to complete, and it works even when the targeted device is already connected to another Bluetooth-enabled device.

To counter this, Google has made patches available pretty much immediately for its own brand devices such as the Google Pixel range, but as past behaviour has shown, this process is much slower for any other devices running Google’s very popular Android operating system. Only 4%(!) of Android devices have been updated to the latest version along with the required security patches. That’s compared to 87% of iOS devices, highlighting the vital importance of having a proper patching system in place across an entire ecosystem.

The lesson of these news stories is to always have the latest security procedures in place, and if that isn’t at all possible, to turn off by default any extra functionality that you aren’t using. For example, it has never been a bad idea to keep Bluetooth turned off by default and to turn it on only when needed, at least on Android phones, a large percentage of which still broadcast privacy-compromising MAC addresses for anyone within radio range to view.

You wouldn’t like someone physically peeking over your shoulder and seeing everything you’re doing. Why allow it to happen virtually?