Verizon has recently released an update for Galaxy S6, S6edge, and S6 edge Plus dubbed as Blueborne Security Patch.
The Galaxy S6 bumps up to version NRD90M.G920VVRS4DQI1, while the Galaxy S6 edge will also move to version NRD90M.G925VVRS4DQI1, and the Galaxy S6 edge+ (Plus) to version NRD90M.G928VVRS3CQI2.
Last month, Armis Labs published the details of the new Bluetooth vulnerability that could potentially expose millions of devices to remote attack.
What Is BlueBorne?
BlueBorne is an attack vector by which hackers can leverage Bluetooth connections to penetrate and take complete control over targeted devices. BlueBorne affects ordinary computers, mobile phones, and the expanding realm of IoT devices. The attack does not require the targeted device to be paired to the attacker’s device, or even to be set on discoverable mode. Armis Labs has identified eight zero-day vulnerabilities so far, which indicate the existence and potential of the attack vector. Armis believes many more vulnerabilities await discovery in the various platforms using Bluetooth. These vulnerabilities are fully operational, and can be successfully exploited, as demonstrated in our research. The BlueBorne attack vector can be used to conduct a large range of offenses, including remote code execution as well as Man-in-The-Middle attacks.
Here’s the demonstration video from Armis of which technically shows an attack of a unpatched Google Pixel, running malicious software remotely without user permission. So this could be a similar thing happens to any unpatched devices that are also equipped with bluetooth capabilities, that of-course includes the Galaxy S6, S6,edge, and S6edge plus beforehand.
Since phones are still vulnerable when they’re connected to a Bluetooth device, the only recommendation is not to use Bluetooth at all.
So those, who got a Verizon Galaxy S6, or a S6 edge and S6 edge Plus that couldn’t take to leave their Bluetooth off, you folks might check for the said Blueborne Security Patch updates for your devices.