Researchers at Armis Labs on Tuesday detailed a new attack vector which they claim can potentially affect all devices with Bluetooth capabilities.
Armis, a firm that focuses on Internet of Things security, is calling it BlueBorne.
The attack vector reportedly allows an attacker to take complete control of a device, access corporate data and networks, infiltrate “secure” air-gapped networks, create large botnets out of IoT devices and more. It’s also highly infectious and can spread malware to nearby devices.
Armis says it affects computers running Windows and Linux as well as IoT gadgets and mobile devices powered by Android and iOS.
Bluetooth is one of the most popular wireless communications standards on the block. The technology has found a serious following in recent years with the advent of mobile devices.
In total, nearly 5.3 billion devices are vulnerable.
Perhaps what’s most alarming about BlueBorne is the fact that a target device doesn’t need to visit a specific website, download an infected file or even pair with another device to become a victim. So long as Bluetooth is enabled, a hacker can gain access and wreak havoc. Worse yet, all of this can be done without a user’s knowledge.
Armis also disclosed eight related zero-day vulnerabilities, four of which are considered to be critical in nature.
A list of affected devices can be found on Armis’ website.
The company said it has already reached out to major companies including Google, Microsoft, Apple, Samsung and Linux to ensure a coordinated response.