Almost 5.3 billion Bluetooth devices are vulnerable to a recently identified exploit called "BlueBorne," allowing hackers to take control of them and infect them with malware.
To be clear, it can compromise not only smartphones and tablets but also smartwatches, smart speakers, laptops, and many others.
What Is BlueBorne?
According to security firm Armis, which pinpointed the vulnerability, BlueBorne is a new attack vector that affects Bluetooth devices and spreads through the air, quickly putting numerous targets in jeopardy.
"BlueBorne is an attack vector by which hackers can leverage Bluetooth connections to penetrate and take complete control over targeted devices. BlueBorne affects ordinary computers, mobile phones, and the expanding realm of IoT devices," the company says.
Unlike typical attacks, the exploit doesn't require users to click on a link or download anything to carry out its nefarious purpose. What makes it dangerous is that it doesn't even need permission to pair with a device to establish a connection, as long as the target's Bluetooth is on. It is also capable of going under the radar, completely unnoticed by the user.
Infected Devices
BlueBorne targets computers, mobile phones, smart TVs, digital assistants, smartwatches, sound systems, and medical devices.
For the most part, Android devices are in danger since the range of hardware running the OS is expansive, and the patches to iron out the issue are left to the manufacturers.
Out of the 5.3 billion devices at risk, 2 billion are Android, and Armis says that 180 million of the Android devices are powered by versions that won't be patched.
Some notable devices that are vulnerable include the Google Pixel, the Samsung Galaxy and Galaxy Tab series, and the LG Watch Sport.
Meanwhile, iOS devices running iOS 9.3.5 or lower and AppleTV on 7.2.2 or lower are open to the attack.
On the other hand, all Windows devices are susceptible to the exploit.
Linux-based devices are also prone to infection, including Samsung's Gear S3 smartwatch, smart TVs, and Family Hub.
BlueBorne Fix
Back in April, Armis started getting in touch with several manufacturers to address BlueBorne, contacting Google, Microsoft, Apple, Samsung, and Linux.
Google rolled out the necessary measures in its September security patch for Android 6.0 Marshmallow and Android 7.0 Nougat.
Apple assures that iOS 10 users are no longer at risk of the exploit.
Microsoft has begun sending out security patches to all Windows versions as of 10 a.m., Sept. 12, making the details available online.
Linux received the details from Armis in early September, and it's planning on launching security patches on or about Sept. 12.
Unfortunately, out of the group of contacted manufacturers, Samsung didn't respond to Armis on three occasions: one in April, one in May, and one in June.
Put simply, users will have to wait for a fix from their devices' manufacturers to steer clear of BlueBorne, but since it may take some time for a widespread rollout, the surest measure for now is to keep Bluetooth off.
In the video below, Armis provides an explanation for BlueBorne, including a scenario that illustrates the potential danger involved:
The company has also uploaded a white paper (PDF) that goes into deeper detail regarding the exploit.