IoT security platform Armis on 12 September gave warnings about a new attack vector targeting Android, iOS, Windows and Linux systems using the Bluetooth function. The name of this IoT Attack Vector is 'BlueBorne' and it allows the attacker to take control of the affected devices, spread malware to adjacent devices and penetrate secure air-gapped systems. Armis has also released eight related "zero-day vulnerabilities" out of which four are classified as critical.
The hackers using BlueBorne Attack Vector can leverage Bluetooth connectivity by masquerading as a Bluetooth device and then take over control of the targeted system. The startling part is that the device is not required to be paired via Bluetooth to the attackers device or even be set in discoverable mode.
The nine vulnerabilities discovered by Armis are currently functional and can be fully exploited. However, iPhones running iOS 10 are not in danger from this attack vector. In a video shown below, Armis was able to successfully demonstrate an attack over an unpatched Google Pixel device and run software without user permission.
Although the underlying vulnerability lies in some form or the other across various Android devices the specifically targeted exploit varies across different systems according to Arstechnica. Also, there is the fact that the necessity of Bluetooth actually impedes the range from which a hacker can take control of your device and the Bluetooth function must also be on at the time.
There are various known Bluetooth vulnerabilities as given in a guide by NIST and chances are that if you are behind on the latest security patches for your phone chances are that you could be exposed to this vulnerability real quick.