The film Mission Impossible - Rogue Nation features a scene where a memory stick is erased covertly by a mobile phone lying nearby with no physical interaction. A couple of years ago this seemed like Hollywood fantasy but researchers have identified a suite of vulnerabilities in the Bluetooth function implemented in many software and hardware devices that may permit this and even more destructive attacks. Billions of mobile devices may be at risk and may never be patched to prevent the threat.

The "Blueborne" vulnerabilities have been identified across Android and iPhones, Windows and Linux computers, and permit compromised devices to be attacked with no physical interaction, and silently without any signs of compromise.

Although some software vendors have worked to patch these vulnerabilities, the scale of this threat could be similar to the StageFright weaknesses identified some years back. This attack could be used to compromise devices within a business directly, or via "drive by" attacks on employees, allowing attackers to migrate their infection to valuable and vulnerable systems within the corporate infrastructure.

Bluetooth is increasingly becoming an essential software service as many mobile devices move to remove the old style audio jack in exchange for wireless headphones. Although disabling Bluetooth across your corporate IT estate may be inconvenient, it may one of the few routes to limit the risk of these newly discovered vulnerabilities being used against your business.

We advise all computer users to keep their systems patched and updated and to stay alert for unusual behaviour.

(image from Mission Impossible - Rogue Nation, by Paramount Pictures)