This morning, Armis security published details of a new Bluetooth vulnerability that could potentially expose millions of devices to remote attack. Dubbed Blueborne, the attack works by masquerading as a Bluetooth device and exploiting weaknesses in the protocol to deploy malicious code, similar to the Broadcom Wi-Fi attack disclosed earlier this year. Because Bluetooth devices have high privileges in most operating systems, the attack can be executed without any input from the user. Blueborne doesn’t require devices to be paired with the malicious device, or even be set in discoverable mode.
New Bluetooth vulnerability can be exploited to silently hack phones and laptops