Bluetooth vulnerability could potentially affect billions of devices

A new vulnerability has been discovered that could allow an attacker to take control of a device using Bluetooth. All the attack requires is that the victim has Bluetooth activated and the attacker is within 32 feet (10 metres).

That’s right, at no point would the victim need to pair with the attacking device, authorize transfer, or click on any boxes. Being a ‘clickless’ attack means that it would be easy for an attacker to go undetected throughout the entire attack.

The good news is that this vulnerability (dubbed Blueborne) has been created by digital security firm Armis, meaning that it isn’t yet out in the wild. That said, it’s probably still worth updating your operating system.

Complete control

For a demonstration of the control a Blueborne attacker would have over your phone, check out this video from Armis demonstrating an attack working on an Android device:

Unlike previous clickless exploits, Blueborne grants an attacker a startling amount of control over devices. This is especially true of Android and Linux phones, given the high system privileges that Bluetooth functionality has in those devices.

The good news is that, according to Ars Technica, a patch has been released for this exploit. If you’re an Apple user, make sure you’re updated to at least iOS 10. Google provided manufacturers with a patch last month – Pixel and other Google-branded phones now have access to the patch, and as we hear more about other Android manufacturers we’ll let you know.

Andrew London

Andrew London is a writer at Velocity Partners. Prior to Velocity Partners, he was a staff writer at Future plc.