Blueborne! A set of 8 zero-day bugs that put Bluetooth-capable devices at the risk of being compromised.
How scary is this? And can it:
View all files saved on the device? Sure
Turn on the camera? Easy peasy, it can even eavesdrop on meetings and monitor conversations without anyone else knowing.
Install malware? Not a problem!
These bugs allow attackers to take control of your device, steal confidential data, perform remote code execution and MITM attacks, and spread malware to nearby devices.
One of the scariest parts is that it could attack your device simply by turning on your Bluetooth. In other words, the Bluetooth on your device doesn’t need to be discoverable or paired before it can be attacked.
In the words of the researchers:
“The BlueBorne attack vector requires no user interaction, is compatible to all software versions, and does not require any preconditions or configurations aside of the Bluetooth being active,”
So, can your devices be affected?
As a matter of fact:
•All Android devices are vulnerable to this attack except for those using Bluetooth Low Energy.
•All Windows computers running Vista or newer.
• All Linux and Linux-based systems like Tizen and webOS using the BlueZ stack and running kernel version 3.3-rc1 or newer
• All iOS devices running iOS 9 or older.
To protect your devices, install the latest security updates. If you don’t have access to that, make sure that the Bluetooth on your device isn’t enabled when not needed.