Mobile security outfit Armis Labs have announced the discovery of a new vulnerability that can potentially expose mobile, desktop, and even internet-of-things (IoT) platforms. They call this new attack vector “BlueBorne”, alluding to the fact that this can be used to attack devices via Bluetooth. And it’s not just Android devices that are in danger, even iOS and Windows devices can be infected as well.
What does BlueBorne do? Well, BlueBorne is an attack vector by which hackers can use – specifically Bluetooth connections – to penetrate and take control of targeted devices. The scary thing here is that targets are not even required to pair with the attacker’s device, or even be on discoverable mode. Check out the video below.
The BlueBorne vulnerability requires no user interaction, and is unfortunately compatible to all software versions. It doesn’t even require any preconditions or configurations aside from the device’s Bluetooth being active. Bluetooth-enabled devices are constantly searching for incoming connections, and this means that connections can be made without pairing.
Armis Labs has already communicated with the major players affected here – Google, Microsoft, Samsung, Apple, and Linux. You can expect that patches will be forthcoming, especially with the monthly Android Security Bulletin. One can only hope that the threat can be neutralized soon.
SOURCE: Armis Labs