Attackers are able to take control of nearby devices or infect them with the same malware, spreading the corruption.
The victims would be completely unaware that their devices were infected, and would then be at risk from ransomware attacks or viruses that compromise security systems. Armis Labs discovered that this attack vector is present on all major consumer operating systems (Windows, Linux, iOS, Android), regardless of the type of device (desktop, laptop, smartphone, tablet, wearable, IoT).
"This means nearly every computer, mobile device, smart TV or other IoT device running on one of these operating systems is endangered by at least one of the eight vulnerabilities".
The technical details of the new attack are published on the Armis Labs official website. The main question for users is whether their devices are vulnerable, and that is what the BlueBorne Vulnerability Scanner reveals.
"This covers a significant portion of all connected devices globally". Linux devices affected by the CVE-2017-1000250 and CVE-2017-1000251 vulnerabilities have been patched as well.
Armis informed numerous affected companies about the flaws before informing the public, so they had a chance to push out patches.
Google, Apple and Microsoft have issued fixes for the vulnerabilities on their operating systems, but iOS devices running version 9.3.5 or earlier are still vulnerable. Updates also aren't exactly instant in the Android universe, especially compared to Apple's or Microsoft's updates.
The advice to users, particularly those running older devices with outdated software, is to ensure that software is up to date, even on devices such as printers and TVs, which you may not typically think of updating.
"Examples of impacted devices are Google Pixel, Samsung Galaxy, Samsung Galaxy Tab, LG Watch Sport, Pumpkin Car Audio System". Vendors either implement the protocol in an identical manner, which means a vulnerability on Windows can also affect Android, or they take too much leeway in certain areas of the protocol, exposing their specific products to security flaws.
"The vulnerabilities reported are concerning and device manufacturers have been notified and are working on updates to fix the vulnerabilities", Tehan said.
The most dangerous aspect of this vulnerability is that targeted users often do not know about it. Users receive no notification, and there is no indication that someone is actually using their phone's Bluetooth connection.