Armis Labs, the Internet of Things security firm, has revealed details of BlueBorne, a Bluetooth vulnerability that affects millions of iOS and Android smartphones, IoT devices, and Windows and Linux systems. In all, 5.3 billion devices are believed to be at risk.
The BlueBorne attack makes it possible for an attacker to spread malware or take control of nearby devices. What's particularly concerning is that for an attack to be successful, there is no need for device pairing, or even for a target device to be in discoverable mode. There's also no need for any sort of interaction by the victim -- everything can happen completely silently in the background.
The only requirement for a successful attack is that Bluetooth is enabled -- something most people have switched on at least on their phone, and often on their computers and laptops. Armis Labs describes BlueBorne as being "out of the traditional kill chain" as it is incredibly hard to detect.
The company says:
"BlueBorne is an attack vector by which hackers can leverage Bluetooth connections to penetrate and take complete control over targeted devices. BlueBorne affects ordinary computers, mobile phones, and the expanding realm of IoT devices. The attack does not require the targeted device to be paired to the attacker's device, or even to be set on discoverable mode. Armis Labs has identified eight zero-day vulnerabilities so far, which indicate the existence and potential of the attack vector. Armis believes many more vulnerabilities await discovery in the various platforms using Bluetooth. These vulnerabilities are fully operational, and can be successfully exploited, as demonstrated in our research. The BlueBorne attack vector can be used to conduct a large range of offenses, including remote code execution as well as Man-in-The-Middle attacks."
Armis Labs has already communicated with Microsoft, Google, Linux, Apple and Samsung, and patches are being issued in most cases -- with the possible exception of Samsung, which failed to respond to the notification.
Armis Labs has created a video that explains how BlueBorne attacks work. In a second video, the company shows how an attacker can take control of an Android phone via Bluetooth.
More information about BlueBorne can be found on the Armis Labs website.