Cyberthreats are everywhere, and even the most familiar features sometimes carry vulnerabilities serious enough to hand an attacker control of the device. The latest case is Bluetooth: a flaw in the Android Bluetooth stack allows Remote Code Execution (RCE) on Android 8 and 9, and Google has now released a patch to close it.
Researchers at ERNW, who published their findings on the company's Insinuator blog and first reported the flaw to Google in November 2019, found that it affects smartphones running Android Oreo (8.0 and 8.1) and Pie (9). They also report that Android 10 is affected, though with much more limited impact.
The flaw lives in the Bluetooth stack, one of the most widely used components on the platform, and is tracked as CVE-2020-0022. Technical details have not yet been published: the researchers say they will release a description of the exploit and proof-of-concept code once they believe enough of the user base has installed the patch.
Exploitation requires Bluetooth to be enabled on the victim's phone, the attacker to be within Bluetooth range, and the attacker to know the victim's Bluetooth MAC address, which is not hard to obtain; on some devices it can be deduced from the Wi-Fi MAC address. What makes the flaw critical is that no user interaction is needed: a successful attack runs the attacker's code with the privileges of the Bluetooth daemon and can be used to steal sensitive data from the phone.
Android 8 and 9 are the versions confirmed vulnerable to code execution. Android 10 also carries the bug, but the researchers could not turn it into code execution there; on that version the attack only crashes the Bluetooth daemon, so the impact is denial of service rather than compromise. Versions older than Oreo may be affected as well but were not tested.
Google has shipped a fix in the Android Security Bulletin for February 2020 and urges users to install it as soon as their vendor makes it available. Until then, the researchers recommend enabling Bluetooth only when it is strictly needed and keeping the device non-discoverable. Non-discoverable mode makes the Bluetooth address harder for a nearby attacker to learn and so reduces exposure, but because the address can sometimes be derived from the Wi-Fi MAC, only applying the patch or switching Bluetooth off actually removes the flaw.
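The check a practitioner will want, as an added example that is not part of the original article or of the researchers' publication: a small POSIX shell helper that classifies a handset's exposure to CVE-2020-0022 from two Android system properties, ro.build.version.release and ro.build.version.security_patch, read over adb. It assumes the affected-version list above (8.0, 8.1 and 9 for RCE; 10 for a daemon crash), that a security patch level of 2020-02-01 or later carries the February bulletin fix, and that the global setting bluetooth_on reflects whether the radio is switched on; the sample property pairs at the bottom are constructed, not taken from real devices.

```shell
#!/bin/sh
# Added example, not from the article or from ERNW: classify an Android
# device's exposure to CVE-2020-0022 from its release string and security
# patch level. Assumptions: Android 8.0/8.1/9 are exposed to RCE and
# Android 10 to a Bluetooth daemon crash before the 2020-02-01 patch level;
# versions the researchers did not test are reported as "untested".

# cve_2020_0022_status RELEASE PATCH_LEVEL
# Prints one of: patched, vulnerable-rce, vulnerable-dos, untested, unknown
cve_2020_0022_status() {
    release=$1
    patch=$2
    case "$release" in
        8.0*|8.1*|9|9.*) exposure=vulnerable-rce ;;
        10|10.*)         exposure=vulnerable-dos ;;
        *)               echo untested; return 0 ;;
    esac
    # The patch level is YYYY-MM-DD; anything else is treated as unknown.
    case "$patch" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo unknown; return 0 ;;
    esac
    # Compare as an integer (YYYYMMDD) so 2020-02-01 and later count as fixed.
    level=$(printf '%s' "$patch" | tr -d '-')
    if [ "$level" -ge 20200201 ]; then
        echo patched
    else
        echo "$exposure"
    fi
}

# Read the two properties from a connected handset over adb and classify it.
# Also reports whether Bluetooth is currently switched on (assumed to be the
# Settings.Global key "bluetooth_on"), since the flaw is unreachable while
# the radio is off.
check_connected_device() {
    release=$(adb shell getprop ro.build.version.release | tr -d '\r')
    patch=$(adb shell getprop ro.build.version.security_patch | tr -d '\r')
    bt_on=$(adb shell settings get global bluetooth_on | tr -d '\r')
    printf 'release=%s patch=%s bluetooth_on=%s status=%s\n' \
        "$release" "$patch" "$bt_on" \
        "$(cve_2020_0022_status "$release" "$patch")"
}

# Constructed sample property pairs (not real devices), one per line, to show
# the classification without a phone attached. Run with --device to use adb.
if [ "${1:-}" = "--device" ]; then
    check_connected_device
else
    printf '%s\n' \
        '9 2020-01-05' \
        '8.1.0 2020-02-01' \
        '10 2019-12-05' \
        '7.1.2 2019-10-05' |
    while read -r rel pl; do
        printf 'release=%-6s patch=%s status=%s\n' \
            "$rel" "$pl" "$(cve_2020_0022_status "$rel" "$pl")"
    done
fi
```

The patch level property is whatever the OEM declares for its build, so treat "patched" as necessary rather than sufficient evidence; a fleet inventory should still confirm that the vendor's February 2020 update actually includes the Bluetooth fix.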