Daxdi now accepts payments with Bitcoin

New Bug Hacks Android Devices Via Bluetooth

There’s a new reason to consider disabling your phone's Bluetooth connection when it’s not in use.

A security firm has uncovered a serious bug in Android’s Bluetooth subsystem that can be exploited to hack the device.

The vulnerability opens the door for a nearby hacker to execute computer code on phones running Android 8.0 to 9.0, according to Germany-based ERNW.

“No user interaction is required,” it warned.

The only factor that needs to be known is the device’s Bluetooth MAC address, which is often readily transmitted when the Bluetooth connectivity has been turned on.

If the vulnerability is exploited, the hacker can execute code on the Android device as a Bluetooth "daemon,” or background process.

For now, ERNW is refraining from offering more specifics to prevent anyone from abusing the flaw, but the security firm warns: “This vulnerability can lead to theft of personal data and could potentially be used to spread malware.” As an example, ERNW points to the danger of a hacker launching a “short-distance” computer worm to attack vulnerable Android phones within the vicinity.

The good news is that Google patched the flaw with its February 2020 Android security update.

The only problem is that Android smartphone vendors can be notoriously slow to roll out updates to customer phones, sometimes taking weeks or months.

In other cases, the vendor may have dropped security support altogether on the pretense the phone model is too old.

As a result, ERNW is advising affected customers to only enable Bluetooth connectivity when necessary until their phones receive the patch.

Unfortunately, the growing prevalence of wireless headphones may make that difficult.

But the cybersecurity firm says another option is to keep your Bluetooth connection “non-discoverable,” which you can toggle on within an Android phone’s settings, usually under the Bluetooth panel.

It isn't the first time security researchers have uncovered a serious flaw in the Bluetooth protocol.

In 2017, a separate security firm discovered eight vulnerabilities in the technology that could also be used to spread malware among Android, iOS, and Windows devices.

Recommended by Our Editors

The key limitation with Bluetooth flaws is how the attacker usually has to be physically near your device to exploit them.

So it's not exactly practical for a cybercriminal to abuse. 

The vulnerability also affects unpatched Android 10 systems, but it’ll only trigger the Bluetooth background processes to crash if exploited.

There’s a new reason to consider disabling your phone's Bluetooth connection when it’s not in use.

A security firm has uncovered a serious bug in Android’s Bluetooth subsystem that can be exploited to hack the device.

The vulnerability opens the door for a nearby hacker to execute computer code on phones running Android 8.0 to 9.0, according to Germany-based ERNW.

“No user interaction is required,” it warned.

The only factor that needs to be known is the device’s Bluetooth MAC address, which is often readily transmitted when the Bluetooth connectivity has been turned on.

If the vulnerability is exploited, the hacker can execute code on the Android device as a Bluetooth "daemon,” or background process.

For now, ERNW is refraining from offering more specifics to prevent anyone from abusing the flaw, but the security firm warns: “This vulnerability can lead to theft of personal data and could potentially be used to spread malware.” As an example, ERNW points to the danger of a hacker launching a “short-distance” computer worm to attack vulnerable Android phones within the vicinity.

The good news is that Google patched the flaw with its February 2020 Android security update.

The only problem is that Android smartphone vendors can be notoriously slow to roll out updates to customer phones, sometimes taking weeks or months.

In other cases, the vendor may have dropped security support altogether on the pretense the phone model is too old.

As a result, ERNW is advising affected customers to only enable Bluetooth connectivity when necessary until their phones receive the patch.

Unfortunately, the growing prevalence of wireless headphones may make that difficult.

But the cybersecurity firm says another option is to keep your Bluetooth connection “non-discoverable,” which you can toggle on within an Android phone’s settings, usually under the Bluetooth panel.

It isn't the first time security researchers have uncovered a serious flaw in the Bluetooth protocol.

In 2017, a separate security firm discovered eight vulnerabilities in the technology that could also be used to spread malware among Android, iOS, and Windows devices.

Recommended by Our Editors

The key limitation with Bluetooth flaws is how the attacker usually has to be physically near your device to exploit them.

So it's not exactly practical for a cybercriminal to abuse. 

The vulnerability also affects unpatched Android 10 systems, but it’ll only trigger the Bluetooth background processes to crash if exploited.

Daxdi

pakapuka.com Cookies

At pakapuka.com we use cookies (technical and profile cookies, both our own and third-party) to provide you with a better online experience and to send you personalized online commercial messages according to your preferences. If you select continue or access any content on our website without customizing your choices, you agree to the use of cookies.

For more information about our cookie policy and how to reject cookies

access here.

Preferences

Continue