The typical malware as we know it today is usually contracted through malicious links or file downloads that will, in turn, deploy code to infect the host device. These are most commonly acquired through the internet. However, a new strain of recently discovered malware has an ability to spread via Bluetooth, which is currently estimated to be available on 8.2 billion devices.
Dubbed 'BlueBorne,' the malicious program, according to Armis Labs, is a collection of eight zero-day vulnerabilities which allow hackers to leverage Bluetooth connections and take complete control of a device. Since it relies on the wireless standard alone, it has the ability to infect desktops, laptops, smartphones, smartwatches, or any other device that allows Bluetooth connections, without the need to pair.
With this in consideration, anyone with an infected device can unknowingly spread the malware to others. This simplicity makes it possible for hackers to conduct cyber espionage, data theft, Man-in-the-Middle (MITM) attacks, create IoT botnets, and deploy ransomware.
Armis further notes that BlueBorne affects devices running the operating systems of Google, Microsoft, and Apple. A security update was provided for Android partners in early August and was made part of the September patches. Microsoft, meanwhile, has a fix for the vulnerabilities in the update it released for all versions of Windows 10, with more details available here. Lastly, the vulnerability was already mitigated by Apple in iOS 10. However, those running 9.3.5 and lower remain at risk.
All things considered, it is apparently no longer enough to simply be careful of what we do online. BlueBorne shows that even when offline, malware can spread from one device to another without our knowledge. It is advised to switch off Bluetooth when not in use, as this will not only help save power, but will also help prevent attacks such as these in the future.