More than 5.3 billion devices with Bluetooth signals are at risk of a malware attack newly identified by an internet of things security company.
This attack vector uses Bluetooth to infect devices with malware without being detected by the victim, and can affect Windows, Linux, Android, and iOS devices alike.
The researchers have informed Microsoft, Google, Linux, and Apple about the new ‘BlueBorne’ attack, and some of these companies have even rolled out patches for it.
In a lot of cases, malware depends on people clicking on a link they shouldn’t have, or downloading a virus in disguise. With BlueBorne, all hackers need to spread malware is for their victims’ devices to have Bluetooth turned on, said Nadir Izrael, Armis’ chief technology officer.
And once one device has been infected, the malware can spread to other devices nearby with the Bluetooth turned on. By scattering over the airwaves, BlueBorne is “highly infectious,” Armis Labs said.
“Armis has also disclosed eight related zero-day vulnerabilities, four of which are classified as critical. BlueBorne allows attackers to take control of devices, access corporate data and networks, penetrate secure ‘air-gapped’ networks, and spread malware laterally to adjacent devices,” the company notes on its website.
You can turn off your Bluetooth to prevent attacks if you won’t receive the patch, Armis advised.