If you always leave Bluetooth on your phone on, you might want to rethink things.
A vulnerability known as BlueBorne was discovered this week by security research firm Armis. With it, researchers were able to infiltrate Samsung Galaxy Phones and the Google Pixel as well as an LG Sports Watch and a car audio system, all by exploiting the Bluetooth connection.
Other devices are also vulnerable. Specifically, iPhones and iPads that haven’t been upgraded to iOS 10, as well as a number of other Android, Microsoft and Linux products. A BlueBorne attack reportedly only takes 10 seconds to do and can give a hacker control of your Bluetooth-enabled device, even if it isn’t connected to anything when the attack begins.
Google and Microsoft put out security patches to get rid of the vulnerability this week. If you haven’t updated your phone in the past few days, you should go ahead and do that right now. No really, do it now.
The issue brings up a much bigger problem: you shouldn’t be leaving your Bluetooth on in the first place.
Wired notes that when you leave Bluetooth on, it’s constantly open to and waiting for other devices to connect to. That’s great when you want to sync your Fitbit or listen to some jams on your wireless headphones, but that also means that your device is constantly available for nefarious things to try and connect to it as well.
Sure, use it to connect to your headphones or car. But if you’re not using it, you should power the feature off.
The way BlueBorne works, it constantly scans for devices that have Bluetooth on, and when it finds one that has relevant vulnerabilities, it can hack into the device exceptionally quickly. Once connected, hackers can take control of the device and even steal data from it.
The attack can also spread from device to device. So, while attackers would technically need to be in Bluetooth range of your phone (10.06m) to pull something like this off, they can get some extra distance when there are other infected devices around as well.
Even though this specific vulnerability has been patched, it’s only a matter of time before something similar pops up.
The easiest line of defence? Don’t leave your Bluetooth on. Wired compares leaving Bluetooth on to leaving a door to your home unlocked. Yes, it will be easier to get in when you get home if you just don’t lock it, but you’re also making it much easier for robbers to come in and steal everything you have while you’re away.