An airborne attack is an attack that does not require any direct access or connection. Attackers can exploit vulnerabilities or weaknesses in the security of Bluetooth, Wi-Fi or other wireless protocols to compromise devices and gain unauthorized access to sensitive information.
A recent example of an airborne IoT attack is BlueBorne. Smart home and connected IoT products like the Amazon Echo, Google Home, or Samsung Gear S3 smartwatch were found to be exposed to potential airborne attacks via Bluetooth. Researchers found that vulnerabilities in the implementation of Bluetooth allow attackers to take full control of any device built on Linux or a Linux-derived operating system. BlueBorne does not require any user interaction or authentication, and enables the attacker to gain access to the device without its user’s knowledge. Once compromised, the vulnerable device can also be used to propagate over-the-air via Bluetooth to other devices in range.
More than 5 billion devices were found to be vulnerable to BlueBorne, which underscores the gravity of airborne attacks and importance of IoT security. Devices that communicate wirelessly are designed to seamlessly detect, negotiate, and connect to other devices via the available wireless protocols—often seamlessly and without any interaction from the user. Vulnerabilities in those protocols or in the processes used to authenticate with one another can be exploited by attackers to intercept data or compromise IoT devices.