From there, it spreads to other vulnerable devices it detects.
Researchers have found that the attacks do not require pairing or user intervention; the attacker simply needs to be within ten metres of the device.
"The user is not involved in the process, they don't need to be in discoverable mode, they don't have to have a Bluetooth connection active, just have Bluetooth on," Nadir Izrael, the co-founder and chief technology officer for Armis, told Motherboard.
US-headquartered security company Armis Labs revealed the vulnerability on 12 September. Attackers could also create a "Bluetooth Pineapple" to sniff traffic being sent to Bluetooth devices, hijack the connection, and redirect traffic. Company officials, however, didn't disclose the patch or the underlying vulnerabilities at the time.
Google automatically updates its own devices, such as the Pixel, but when it comes to the wider Android ecosystem, all it can do is make updates available to manufacturers and hope they relay them to their customers' phones and tablets.
Ars Technica weighed in: "Izrael said he expects Linux maintainers to release a fix soon". The vulnerability found in Apple's Low Energy Audio Protocol (LEAP), which works on top of Bluetooth, enables a remote code execution attack that could allow an attacker to silently take over a device. The Bluetooth functionality in both OSes also runs with high system privileges, allowing the resulting infection to access sensitive system resources and survive multiple reboots. Armis previously alerted most affected parties back in April, but as of today, it's mostly Android devices that remain vulnerable to attack.
There are two specific methods attackers could use with exploit code.
If you want to go deeper into what BlueBorne is capable of, Armis Labs has put together a white paper on the attack. "The vulnerabilities are at the very core of the Bluetooth stacks, so once a connection is started, a remote code execution, or a man-in-the-middle attack, is possible". "There's a huge number of 'things' that rely on Bluetooth to perform their function - like speakers, or computer keyboards and mice - and, short of turning them off, there isn't a fix and that is going to leave millions vulnerable". It could also change data in transit. The Android implementation is vulnerable to the same attack.
They outlined eight vulnerabilities that can be used to attack the Linux open source kernel and Google's Android operating system, as well as Microsoft Windows and Apple iOS.
"Previously identified flaws found in Bluetooth were primarily at the protocol level", Armis claimed.
It's also, according to Armis, a Palo Alto, California-based IoT security firm, too complicated.
Typical of most proof-of-concept exploits, the BlueBorne attacks demonstrated in the videos are relatively simple.
And once one device has been infected, the malware can spread to other nearby devices that have Bluetooth turned on. All that is needed is for Bluetooth to be on.
Armis has tagged four of the vulnerabilities as critical. But updates might not be as frequent for single-purpose smart devices like your smart refrigerator or a connected television.
The best way to protect yourself from the BlueBorne attack is to keep Bluetooth off and try not to connect over it. That means that, from Android to iOS and Linux, the exploit will be different and will work in different ways.