The one thing updating as constantly as technology itself is the speed at which hackers are updating their arsenal of attacks against devices. While we still see hacking as someone fervently typing lines and lines of code, it has long changed it’s form. Now we see the likelihood of being hacked even as both the parties are simply walking.
Only recently, researchers at ERNW Insulator, a German security firm have found evidence of the existence of a significant vulnerability that would allow hackers to run malicious code on some Android versions and devices by injecting a custom code through the device’s Bluetooth.
This vulnerability, named CVE-2020-0022-BlueFrag is yet to be patched in the February 2020 security patch. If this security patch is not applied, this vulnerability has the potential to let outsiders, the attackers to steal personal data on Android devices running Oreo (8.0) and Pie (9.0) versions without any confirmation or interference from the user.
All the attacker needs to do is be situated within the Bluetooth range of your device along with the Bluetooth MAC address to take all the information from your phone. The report released also mentions that this could be a threat if the device is running Android versions lower than 8.0.
There is no technical report published for the public’s perusal on this vulnerability in an attempt to curb potential hackers from taking advantage of this. ERNW Insulator is going to release the description and proof of concept code regarding this vulnerability only once the OEMs have released security patches for the same.
However, in case your phone is running Android 10, then you have nothing to worry because the attackers will not be able to take advantage of the vulnerability. When the researchers tried exploiting the vulnerability on devices running Android 10, the Bluetooth crashed.
In essence, this vulnerability can only be eliminated in two cases: by an upgrade to Android 10, or with the release of the February 2020 security patch. This means that there is no solution for devices that are not receiving any updates and security patches as they will remain forever vulnerable. In these cases, until your device receives the security patch, it is recommended that you switch on the device’s Bluetooth only when in use and use it on non-discoverable mode.
Employ safe techniques when online or offline with your devices and install updates as and when your manufacturer pushes them. The only way to combat such cyber-attacks is to remain vigilant and educated on the forms they are taking.