Armis Labs, an Internet-of-Things security company, informs that it discovered a Bluetooth vulnerability codenamed BlueBorne that can affect billions of devices, including Android and iPhone smartphones, Linux and Windows PCs, or even smart appliances like TVs, security cameras, medical devices and sound systems.
It is almost impossible to ascertain the number of active devices in the world that features Bluetooth connectivity.
Armis released an Android tester app that could tell users if their device was still vulnerable - as of Wednesday, a variety of Samsung devices, including the Samsung Galaxy S8 were still marked as vulnerable to malware attacks transmitted by Bluetooth. If air-gapped networks get breached, the attack can endanger industrial systems, government agencies, and critical infrastructure.
BlueBorne does not require any user interaction and all attacks are automated. Bluetooth signals allow gadgets to connect and communicate wirelessly. In the wrong hands, this vulnerability could be used in cyber espionage, data theft, ransomware and the creation large botnet networks made of IoT devices. This can cause a worm-like attack, where an affected device can infiltrate another.
"These new vulnerabilities are at the implementation level, bypassing the various authentication mechanisms, and enabling a complete takeover of the target device."
Housing market: London and south east are weakest regions - RICS
However, the survey also reports anecdotal evidence suggesting different levels of sctivity based on price and favouring properties below £250,000.
There are a couple of ways one can remain safe from BlueBorne.
Most security firms now advise users to keep their Bluetooth off, especially when they are not using it or are near someone they have yet to trust. The researchers then cross referenced the code in other Bluetooth stacks and found more vulnerabilities. Armis Labs says more than 5 billion devices are vulnerable to attacks through the Bluetooth exploits.
"The vulnerabilities reported are concerning and device manufacturers have been notified and are working on updates to fix the vulnerabilities", Tehan said.
Apple also regularly updates its products for security. The malware infected hundreds of thousands of computers even though the users never downloaded the virus.