It has always been advised to disable the Bluetooth connection of phone when it is not in use. Recently, security researchers discovered a bug in the Bluetooth subsystem of Android that can be misused to hack smartphones.
A Germany based firm ERNW, found out a vulnerability that can enable the nearby hacker to execute computer code on Android 8.0 to 9.0 version. However, "On Android 10, this vulnerability is not exploitable for technical reasons and only results in a crash of the Bluetooth daemon.", explained Jan Ruge. This hack does not require any user interaction. Hackers only need the Bluetooth MAC address of the device that is easily transferred once the connectivity of the Bluetooth is turned on.
Once the vulnerability is exploited, attackers can execute code as a Bluetooth background process on the Android device. ERNW has not provided any specifications as they could be used negatively to further misuse the flaw. However, it does warn that vulnerability can lead to unwanted malware and personal data leak.
Like, short-distance computer worm can be introduced by hackers to attack the vulnerable devices within the limit.
Though Google has fixed the flaw with its latest February 2020 Android security update but many of the users might have to wait, weeks or maybe months, to get the updates on the mobile devices. Also, it is possible that security support is no longer backed by the vendor because of the old model of the phone or operating system.
ERNW has bits of advice for people to keep their phones safe by connecting Bluetooth only when it is needed, until they get the patch on their devices. The wireless headphones can, however, might be an issue. To save yourself from unknown connections, it is better to set the Bluetooth connection to “non-discoverable” that can be easily done from within the Bluetooth settings.
To perform the trick, a hacker has to be physically near the device to exploit it.
Read next: The Latest In Physical Data Theft Threats (infographic)
A Germany based firm ERNW, found out a vulnerability that can enable the nearby hacker to execute computer code on Android 8.0 to 9.0 version. However, "On Android 10, this vulnerability is not exploitable for technical reasons and only results in a crash of the Bluetooth daemon.", explained Jan Ruge. This hack does not require any user interaction. Hackers only need the Bluetooth MAC address of the device that is easily transferred once the connectivity of the Bluetooth is turned on.
Once the vulnerability is exploited, attackers can execute code as a Bluetooth background process on the Android device. ERNW has not provided any specifications as they could be used negatively to further misuse the flaw. However, it does warn that vulnerability can lead to unwanted malware and personal data leak.
Like, short-distance computer worm can be introduced by hackers to attack the vulnerable devices within the limit.
Though Google has fixed the flaw with its latest February 2020 Android security update but many of the users might have to wait, weeks or maybe months, to get the updates on the mobile devices. Also, it is possible that security support is no longer backed by the vendor because of the old model of the phone or operating system.
ERNW has bits of advice for people to keep their phones safe by connecting Bluetooth only when it is needed, until they get the patch on their devices. The wireless headphones can, however, might be an issue. To save yourself from unknown connections, it is better to set the Bluetooth connection to “non-discoverable” that can be easily done from within the Bluetooth settings.
To perform the trick, a hacker has to be physically near the device to exploit it.
Read next: The Latest In Physical Data Theft Threats (infographic)