Channel 2 Investigates

Bluetooth Beware: Here's how criminals can steal your identity from your phone

ATLANTA — If your Bluetooth is on, there's a warning that impacts billions of devices.
Channel 2's Consumer Advisor Clark Howard said criminals as close as 50 feet from you could swipe your identity and you'd never know.
The biggest fear for public health workers is that people end up with an illness and then spread it to others in a place like this an airport. Now your cell phone could be vulnerable to something like that, too.


The convenience of staying connected makes your life a lot easier. Texting, checking emails, paying bills -- We're addicted to our devices. But are they safe?
Nadir Izrael, co-founder of the Internet security company Armis, said no.

“People don't take security seriously enough,” said Nadir Izrael, co-founder of the Internet security company Armis.

Clark Howard checks his phone for malware

Izrael said that's what makes the attack method, BlueBorne, so dangerous. Armis discovered the vulnerability.

“An attacker can be situated 50 feet away from you and still be able to perform this type of attack,” Izrael said.

All you have to have is your device on with Bluetooth on -- nothing else.
Photos, emails and personal information can be ripped off. Malware can be put on. Making it possible to spread to other vulnerable devices.
"Basically, like an infection or like a disease would spread from host to host," Izrael said.
Izrael demonstrated to Clark what an attack would look like.
It took him just a few clicks on a laptop and he was able to take control of the cell phone, take a picture and save it to his computer. All of this without ever laying a hand on it.
Armis notified device manufactures about BlueBorne, and many released security updates. But Izrael said many people could still be at risk.
"This doesn't mean automatically to now all devices are safe," Izrael said. "Sadly, a lot of them will never be safe."
It's because many users don't like the inconvenience of updating their device, so it's left open to attack.
"If you have an older device you most likely will never get the security update for it," Izrael said. "And that device will remain vulnerable forever."
Armis created an app, called BlueBorne Vulnerability Scanner, available for Android devices, that will scan your device and others around you for the vulnerability. 
Clark went to the Atlanta airport with threat researcher, Willis McDonald to test it out. And it didn't take them long to find someone vulnerable to BlueBorne.
One woman was shocked to find her phone was at risk.
"How do you feel now that you know that everything on your phone is vulnerable?" Clark asked the woman.
"Not good!" she said.
But her device wasn't the only one at risk, so was Clark's.
"There's nothing I can do to create security for myself?" Clark asked Willis.
Willis said the best way to avoid the attack is to simply turn your Bluetooth off.
"You either live with the risk that your device is vulnerable or you turn it off and disconnect," Willis said.
The key tip for people is to run the scan on your cell phone to make sure it is safe. If it's not and there is not an update available, you can do what Clark did -- turn Bluetooth off on your phone. If there is an update available, do it.
Armis said Apple products updated to iOS 10 are not vulnerable.