New Bluetooth vulnerability can be exploited to silently hack Android phones
This morning, Armis security published details of a new Bluetooth vulnerability that could potentially expose millions of devices to remote attack. Dubbed Blueborne, the attack works by masquerading as a Bluetooth device and exploiting weaknesses in the protocol to deploy malicious code, similar to the Broadcom Wi-Fi attack disclosed earlier this year. Because Bluetooth devices have high privileges in most operating systems, the attack can be executed without any input from the user. Blueborne doesn’t require devices to be paired with the malicious device, or even be set in discoverable mode.
Any iPhones running iOS 10 are immune to the attack, and Microsoft deployed a patch to fix the bug in July. That leaves Android devices as the most…