Pixel devices have already received the updates. Google said Android partners received the patch in early August, but it's up to the carriers to release the updates. Microsoft released a patch for its computers in July, and anybody who updated would be protected automatically, a spokesman said. Apple confirmed that BlueBorne is not an issue for its mobile operating system, iOS 10, or later, but Armis noted that all iOS devices with 9.3.5 or older versions are vulnerable. The three companies have released patches for the vulnerability. The vulnerability affects devices on most operating systems, including those run by Google, Microsoft and Apple. It's able to spread through "improper validation," Izrael said. It does this by taking advantage of how your Bluetooth uses tethering to share data, the company said. That kind of exploit lets hackers execute malware remotely, steal data and pretend to be a safe network as a "man in the middle" attack. Zero-day vulnerabilities are security flaws that are found before developers have a chance to fix them. "Imagine there's a WannaCry on Bluetooth, where attackers can deposit ransomware on the device, and tell it to find other devices on Bluetooth and spread it automatically," said Michael Parker, the company's vice president of marketing.īlueBorne is a collection of eight zero-day vulnerabilities that Armis Labs discovered.
In several trials testing out BlueBorne, researchers were able to create botnets and install ransomware using Bluetooth, all under the radar of most protection.
Ben Seri, Armis Labs' head of research, fears that BlueBorne will lead to a similar massive outbreak.