BlueFrag: Bluetooth vulnerability could let attackers steal your personal data on Android [Update your OS now!]

BlueFrag, a new Bluetooth vulnerability, has been discovered by researchers. The vulnerability, CVE-2020-0022, mainly affects phones running the Android 8 and Android 9 operating systems, the researchers said on their blog.




On Android 8.0 to 9.0, a remote attacker within proximity can silently execute arbitrary code with the privileges of the Bluetooth daemon as long as Bluetooth is enabled. No user interaction is required and only the Bluetooth MAC address of the target devices has to be known. For some devices, the Bluetooth MAC address can be deduced from the WiFi MAC address. This vulnerability can lead to theft of personal data and could potentially be used to spread malware (Short-Distance Worm).




If you are running Android 10 or earlier versions of Android 8, then you are pretty much safe, as the bug mainly affects Android 8 and 9. On the other hand, if you are running Android 8 or 9, then it's time to install the February update, which is now available.


Visit Settings -> About -> System updates to update your phone.  
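If you look after more than one phone, the same check can be scripted. The script below is an added example, not code from the researchers or from Android: it reads the Android release and security patch level over adb and applies the rule from this article (Android 8 and 9 need the February update). The function names are hypothetical, the inventory lines are constructed, and the patch-level string `2020-02-01` for the February 2020 update is an assumption.

```shell
#!/bin/sh
# Added example: classify exposure to CVE-2020-0022 from two build properties.
# Rule taken from the article: Android 8 and 9 are affected until the
# February update is installed.

FIX_LEVEL="2020-02-01"   # assumption: patch-level string of the February 2020 update

# bluefrag_status RELEASE PATCH_LEVEL -> prints patched | vulnerable | not-listed
bluefrag_status() {
    release=$1
    patch=$2
    major=${release%%.*}                 # "8.1.0" -> "8"
    case $major in
        8|9) ;;
        *) echo "not-listed"; return 0 ;;   # not in the article's affected list
    esac
    # YYYY-MM-DD compares correctly as an integer once the dashes are removed
    p=$(printf '%s' "$patch" | sed 's/-//g')
    f=$(printf '%s' "$FIX_LEVEL" | sed 's/-//g')
    case $p in
        ''|*[!0-9]*) echo "vulnerable"; return 0 ;;   # missing or garbled level: assume unpatched
    esac
    if [ "$p" -ge "$f" ]; then echo "patched"; else echo "vulnerable"; fi
}

# Read both properties from a device attached over adb (optional serial number).
bluefrag_check_device() {
    serial=${1:+-s $1}
    rel=$(adb $serial shell getprop ro.build.version.release | tr -d '\r')
    lvl=$(adb $serial shell getprop ro.build.version.security_patch | tr -d '\r')
    printf '%s %s %s\n' "$rel" "$lvl" "$(bluefrag_status "$rel" "$lvl")"
}

# Constructed inventory: device name, Android release, security patch level.
sample_inventory() {
    while read -r name rel lvl; do
        printf '%-8s %s\n' "$name" "$(bluefrag_status "$rel" "$lvl")"
    done <<'EOF'
phone-a 9 2020-01-05
phone-b 8.1.0 2020-02-05
phone-c 10 2019-12-01
phone-d 8.0.0 unknown
EOF
}
sample_inventory
```

Run `bluefrag_check_device` with USB debugging enabled on the phone; a device that reports `vulnerable` should stay on the Bluetooth workarounds until its update arrives.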

A proof of concept (PoC) for CVE-2020-0022 hasn't been published yet: the team says it will release the details only after all manufacturers have released the update or when most phones are patched. If you are a security researcher, you can work out the details from the official Android site documentation.

What if the update is not available for your device? Simply use wired earphones, set your Bluetooth to non-discoverable, or just turn off Bluetooth when not in use until the security update is available.
