Hey, fellas, I know it might be quite hip to always have your device Bluetooth on so that you can you can connect your watches or headset to your phone. But new research from Armis has identified a new plane of attack vector that targets your device Bluetooth and connects to it without your permission and then enabling the attackers to have full control over your device and then possible steal data.
BlueBorne is an attack vector by which hackers can leverage Bluetooth connections to penetrate and take complete control over targeted devices. BlueBorne affects ordinary computers, mobile phones, and the expanding realm of IoT devices. The attack does not require the targeted device to be paired to the attacker’s device, or even to be set on discoverable mode. Armis Labs has identified eight zero-day vulnerabilities so far, which indicate the existence and potential of the attack vector. Armis believes many more vulnerabilities await discovery in the various platforms using Bluetooth. These vulnerabilities are fully operational, and can be successfully exploited, as demonstrated in our research. The BlueBorne attack vector can be used to conduct a large range of offenses, including remote code execution as well as Man-in-The-Middle attacks.
Google and Microsoft have released patches and updates to mitigate this threat. Please ensure you backup your devices properly and always remember not to leave sensitive info on your devices.