 |
| Android allows attackers to send malware over Bluetooth |
Android has discovered a new vulnerability called BlueFrag called CVE-2020-0022 that allows code to be executed on some Android devices via Bluetooth so that attackers can send malware over Bluetooth.
ERNW, the Heidelberg-based IT security company, has announced that the vulnerability could allow data theft from nearby Android 8 Oreo and Android 9 Pie phones. Hackers need to know the target's Bluetooth MAC address, which makes it easy to guess the MAC MAC address.
According to German ERNW Electronic Security, user intervention is not required to exploit this error, and the user is not aware of an attack. Bluetooth only needs to be activated, and this can generally happen in some places if the user’s device and Bluetooth are relatively close to the attacker.
After Google corrects this vulnerability, users can protect themselves by installing the February 2020 security patch.
BlueFrag vulnerability does not apply to Android 10. Researchers believe older versions may be weak, but the ERNW team has not evaluated the impact on older versions.
The problem is that many affected devices cannot get updates all the time, while Google requires only two years of security updates from well-known phone manufacturers and the policy appears to have been applied. Early 2019.
Since Android 8 version is older than two years, devices running this version may not be able to fix BlueFrag if the phone is old enough.
These requirements also allow service providers 90 days before bug fixes. This could expose users to months of attack, even if they are affected by a security update.
If debugging is not available, ERNW recommends Bluetooth activation only when necessary. It is best not to recognize the device when the Bluetooth function is activated, as it is hidden on the other devices being searched, which is a paired device.