A set of vulnerabilities affecting "almost every" Bluetooth-connected desktop, mobile, and smart device on the market has been revealed.
Despite the fact that the vulnerabilities are complex and widely patched, Armis researchers estimated that they could still affect 5.3 billion unpatched devices.
Ben Seri, one of Armis' researchers, used the vulnerabilities to connect to the Pixel without any input from the device.
Armis, which has a commercial stake in the IoT security space, warned that the attack vector can be exploited silently.
Also, the vulnerabilities in BlueBorne are widespread and patches will be coming out for months, so users should disable Bluetooth until the patches become available.
Ben Seri, Armis Labs' head of research, fears that BlueBorne will lead to a similar massive outbreak.
More than 8.2 billion Bluetooth devices are now in use, they noted.
The other wildcard here: Linux-based devices.
This means that not all vulnerable devices will have the same exact virus.
The Bluetooth Pineapple vulnerability allows an attacker to create a MITM attack using only a Bluetooth-connected device, with none of the special equipment that is often required for Wi-Fi interception. The company has reported these flaws to affected companies, including Google, Microsoft, Apple, Samsung, and Linux, and is working with them to get patches deployed.
Other attacks would allow attackers to remotely execute malicious code on the device, which could be used to hijack or corrupt a Bluetooth-enabled device.
The vulnerability was mitigated by Apple in iOS 10.
In the case of Apple, devices with iOS 9.3.5 and lower, and AppleTV devices running version 7.2.2 and lower are vulnerable.
"These vulnerabilities are the most serious Bluetooth vulnerabilities identified to date," an Armis spokesperson told Bleeping Computer via email. Exploiting them also does not require pairing.
Now for the good news. The majority of newer phones, tablets, and some computers have already been fixed.
Armis is in the business of helping to secure internet of things (IoT) devices.
Google is patching Android 4.4.4 KitKat and later, leaving fewer than one-in-ten older Android devices without the patches. Google said Android partners received the patch in early August, but it's up to the carriers to release the updates. Windows Phones are not affected. The attacker will then exploit a vulnerability in the implementation of the Bluetooth protocol in the relevant platform and gain the access he needs to act on his malicious objective.
Armis Labs argued that airborne attacks show a new type of threat that's typically not taken into account by traditional security solutions.
'You could be simply walking down the street [and] you walk past someone who is vulnerable and suddenly they are infected,' said Mr Miller.