My InfoSec team talked to me yesterday about Bluetooth attacks they're seeing.
Bluetooth hasn't been a widely publicized target in the past. Its internal rights and hooks higher up in the hardware and OS, and its ubiquity make it (sadly) perfectly vulnerable and desirable to compromise.
The new BlueBorne exploit packages eight Zero Day vulnerabilities together, and combines them to make a hands-free attack and take-over of any Bluetooth device simple and silent. In ten seconds any vulnerable device (and I do mean ANY--Apple,
Android, and Linux are specifically vulnerable to this) is taken over--without any clicking by their owners.
And then the device goes & infects all the other Bluetooth devices it sees (even if you're not joined to them!).
Once compromised, a remote operator can access far too much on your device, and reconfigure more. They can see your keystrokes, your audio, your video, read/modify/download your files and your photographs . . .
Billions of devices imperiled by new clickless Bluetooth attack | Ars Technica
https://www.armis.com/blueborne/
New Bluetooth vulnerability can hack a phone in 10 seconds | TechCrunch
How have you fit Bluetooth monitoring into your Solarwinds solutions?
What can Solarwinds do to alert us about compromised Bluetooth devices?
