Even when the Bluetooth feature is left in a non-discoverable state, devices running vulnerable implementations can be found with network sniffers, the researchers said.
Three of the eight flaws have been classified as "critical", given its ability to take over devices or intercept communications over Bluetooth. If that seems a little too much of a deep-dive, there's also a YouTube video you can watch to get a more general overview.
BlueBorne was identified by researchers from Armis Labs, who alerted tech companies as far back as April, so that security patches and upgrades could be created before hackers had the chance to exploit the "vulnerability". It starts by targeting the weakest spot in a network's defence and then spreads from device to device over the air. Because Bluetooth devices have high privileges in most operating systems, the attack can be executed without any input from the user.
Once a nefarious individual has successfully taken over a device using BlueBorne, they can do lots of things.
The Verge makes the point that the potential attack has a number of limits, from the variation depending on respective operating systems, to the limited physical range of Bluetooth connectivity itself, with attacks only possible if your Bluetooth is turned on.
Basically, it's a hacker's dream.
"The complications in the specifications translate into multiple pitfall junctions in the various implementations of the Bluetooth standard", the company says in a paper [PDF] describing a set of flaws referred to as BlueBorne. Bluetooth SIG estimates there are around 8.2 billion Bluetooth-compatible devices.
Google and Microsoft are rolling out patches to secure devices against the vulnerability, while iOS 10 is already protected against the attack. Further, the hack requires an attacker to chain together several vulnerabilities and have proximity to the device, making it hard to duplicate in the wild.
In the case of Apple, devices with iOS 9.3.5 and lower, and AppleTV devices running version 7.2.2 and lower are vulnerable. "We feel that there are potentially other stacks affected by similar issues, but future research needs to be done to determine this". Microsoft deployed a patch to fix the bug in July. You can check its status here.
There are various known Bluetooth vulnerabilities as given in a guide by NIST and chances are that if you are behind on the latest security patches for your phone chances are that you could be exposed to this vulnerability real quick.
These are especially some of the iPhone and the Android smartphones that may still be vulnerable.
For Android users, the problem is a little more prevalent.