A new vulnerability has been discovered that could allow an attacker to take control of a device using Bluetooth. As long as the victim has Bluetooth activated and the attacker is within 32 feet (10 metres), that is all that’s necessary to facilitate the attack.

That’s right, at no point would the victim need to pair with the attacking device, authorize transfer, or click on any boxes. Being a ‘clickless’ attack means that ii would be easy for an attacker to go undetected throughout the entire attack.

The good news is that this vulnerability (dubbed Blueborne) has been created by Digital Security firm Armis, meaning that it isn’t yet out in the wild. That said, it’s probably still worth updating your operating system.

Complete control

For a demonstration of the control a Blueborne attacker would have over your phone, check out this video from Armis demonstrating an attack working on an Android device:

Unlike previous clickless exploits, Blueborne grants an attacker a startling amount of control over devices. This is especially true of Android and Linux phones, given the high system privileges that Bluetooth functionality has in those devices.