As always with new security issues affecting mobile devices, it’s Android users who have to worry about the newly discovered Bluetooth hack. Windows and iOS phones are protected against it but only if you’ve installed the September 12th security patch on Windows or run iOS 9.3.5 or laters. A security patch is already rolling out to Android device. But we all know that updates aren’t exactly instant in the Android universe, especially compared to Apple’s or Microsoft’s updates.
The BlueBorne attack can also work on other Bluetooth-enabled devices, including computers and IoT gadgets.
Discovered by security company Armis, the BlueBorne threat is a collection of eight exploits that can be used immediately against no less than 5.3 billion devices. That’s well above the number of Android devices out in the wild, as it includes everything that comes with Bluetooth connectivity.
As soon as hackers find a target, the exploits can force it to give over data stored on it, including sensitive information like keys and passwords.
The hacker can connect to a smartphone via Bluetooth without the user knowing. Considering that many users leave Bluetooth turned on by default, it’s probably easy to find a target.
But once the hackers get into a device and start controlling the screen and apps it’ll be obvious to anyone looking at the phone that something has gone terribly wrong.
Armis details all the exploits discovered so far, and put up a video showing the attack in action on an Android device.
The simplest thing you could do to prevent attacks if you have any reason to believe that someone is targeting you is to disable Bluetooth on your device. But before that, make sure your hardware is updated to the latest available software.
Armis’ full report is available at this link.