The security research firm Armis identified massive vulnerabilities in the Bluetooth wireless technology that can allow attackers to take over people’s devices, whether they be smartphones, PCs or even Internet of Things devices such as smart TVs and watches.
The “BlueBorne” flaws would allow a virus to leap from device to device, regardless of the operating system being used.
They can even allow attackers to access so-called “air-gapped” computer networks that aren’t connected to the Internet, Armis warned Tuesday. Bluetooth-equipped devices do not need to be in discoverable mode, or paired with the attacker’s device, in order to be vulnerable.
“These silent attacks are invisible to traditional security controls and procedures. Companies don’t monitor these types of device-to-device connections in their environment, so they can’t see these attacks or stop them,” Armis CEO Yevgeny Dibrov said in a statement. “The research illustrates the types of threats facing us in this new connected age.”
So, are your Bluetooth-equipped devices vulnerable? Armis told many of the affected tech companies about the flaws well before informing the public—an approach known in the industry as responsible disclosure—so they’ve had a chance to push out patches.
Not everyone has, though.
According to Armis, Google (GOOGL) put out an Android security update last month and Microsoft (MSFT) planned a Windows update for Tuesday. The team working on security for the open-source Linux operating system was also targeting an update for Tuesday.
Apple (AAPL) fans will be delighted to hear that the current versions of its software are not vulnerable. That means anything more recent than iOS 9.3.5 or, for Apple TV users, version 7.2.2 of the software for that device. iOS 10 is definitely OK, Armis said.
Samsung (SSNLF) fans will be less pleased to read this from Armis: “Contact on three separate occasions in April, May, and June. No response was received back from any outreach.”
Those using non-Google-branded Android devices will just have to hope that the manufacturers issue security updates to keep them safe. Google automatically updates its own devices, such as the Pixel, but when it comes to the wider Android ecosystem, all it can do is make updates available to manufacturers and hope they relay them to their customers’ phones and tablets.
Armis has released an Android app to help people check if they are vulnerable.
In short, install the latest updates for everything, and unless you’re sure that your devices have been updated with a fix, it might be a good idea to turn off Bluetooth for now.
