Bluetooth has quickly become the default way for devices to share data across short distances since its original invention in 1994. Unfortunately, its widespread, easy-to-use nature makes it a prime target. According to an article by ArsTechnica, researchers have created an attack that can hack a wide range of Bluetooth enabled devices running Android, Linux, and Windows. That includes billions of devices worldwide.
Called “BlueBorne”, the attack method is notably effective and far in its reach. As ArsTechnica explains, “Virtually any Android, Linux, or Windows device that hasn’t been recently patched and has Bluetooth turned on can be compromised by an attacking device within 32 feet. It doesn’t require device users to click on any links, connect to a rogue Bluetooth device, or take any other action, short of leaving Bluetooth on. The exploit process is generally very fast, requiring no more than 10 seconds to complete, and it works even when the targeted device is already connected to another Bluetooth-enabled device.”
Sounds scary, right? Well, it kind of is. Nadir Izrael, CTO and co-founder of security firm Armis, told ArsTechnica that BlueBorne “abuses the fact that when Bluetooth is on, all of these devices are always listening for connections.”
There is some good news, however, if you use Microsoft. Microsoft has patched the vulnerabilities, so recent updates should protect you against this hack. Moreover, a representative has said that the Windows Phone was never vulnerable to the attack in the first place.
Google is also working on patching the vulnerabilities for its Pixel XL and other Google-branded phones, but a total fix might take some time. Apple’s iOS prior to version 10 was quite vulnerable, but should be better going forward, and Linux is expected to release a fix soon. ArsTechnica says that the attack is most potent against Android and Linux devices.