A NEW HACK has been discovered which could affect millions of devices, including phones and tablets with an activated Bluetooth connection.
Worse than that, the hacker doesn't even need to pair their device with that of the victim.
Yes, you thought you were safe after the "Bluejacking" window of the early days was closed (come on - you all did it) but now it seems you could be a victim and never even know.
Now, while we'll be the first to admit that this attack, christened BlueBorne, has a limited audience given the relatively short range, imagine the havoc it could wreak in a simple coffee shop.
There are two issues here. The first is that, as we discussed recently, Bluetooth 5 now offers "meshing", which means, in certain extreme circumstances, the range could be huge, not just limited to one device.
The second is that Bluetooth, by definition, has to have a lot (and we mean a lot) of access to your device. More than you do as the user in fact. So if the hack gets exploited, it could do some serious damage and steal some serious data.
Now for the good news. This little beast isn't out in the wild. It has been created by Armis, a digital security firm, as a proof of concept. But they have produced a video of it working on an Android device. Check it out below.
Additionally, you'll be pleased to hear that both Apple and Android are on the case. iOS 10 and above are protected and if your Android OEM is good about the monthly security patches (Pixel handsets for example) then you're covered too - but don't assume - and if you have an option for a firmware update, we suggest you take it.
Martin Woolley, Technical Program Manager of the Bluetooth Special Interest Group (SIG), told INQ: "The Bluetooth SIG are aware of the reported issue and are looking into it further. We believe that platform vendors were notified of the issues some time ago and have either already released patches or are in the process of doing so.
"We always advocate users install released OS upgrades as soon as they become available." µ