There is a new reason to turn off your phone's Bluetooth when it is not in use. A security company has discovered a serious flaw in the Android Bluetooth subsystem that can be exploited to hack the device.
According to the German security company ERNW, the vulnerability opens the door for an attacker to run computer code on phones running Android 8.0-9.0. “No user interaction is required,” the company warned. All an attacker needs to know is the Bluetooth MAC address of the device, which can often be easily obtained when Bluetooth is turned on.
If exploited, the flaw lets the attacker run code on an Android device as the Bluetooth “daemon”, or background process. So far, ERNW has refrained from providing more detailed information to prevent misuse. However, the security company warns: “This vulnerability could lead to the theft of personal information and could be used to spread malware.” For example, Android ERNW cell phones.
The good news is that Google fixed the flaw in the February 2020 Android security update. The only problem is that Android smartphone manufacturers are known to be slow in rolling out updates to customers' phones, which can sometimes take weeks or months. In other cases, the vendor may have dropped security support, claiming that the phone model is too old.
As a result, ERNW recommends that affected users only activate Bluetooth when necessary until their phones receive the patch. Unfortunately, the proliferation of wireless headphones can make the situation worse. However, the cybersecurity company says that another option is to keep the Bluetooth connection “undetectable.” You can enable this option in the settings of your Android phone, usually in the Bluetooth control panel.
This is not the first time that security researchers have identified a serious flaw in the Bluetooth protocol. In 2017, a security company discovered eight vulnerabilities in the technology that could also be used to distribute malware to Android, iOS and Windows devices.
The main limitation of Bluetooth flaws is that an attacker would normally have to be physically close to the target device to take advantage of them. Abuse by cybercriminals is therefore not very practical.
The vulnerability also affects Android 10 systems, but there an exploitation attempt only triggers a crash of the Bluetooth background process.
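To check where a given phone stands against the versions and patch described above, the following shell sketch classifies a device by its Android release and security patch level. It is an added example, not code from ERNW or Google; the function names are hypothetical, and it assumes the February 2020 update reports the patch level string `2020-02-01`.

```shell
#!/bin/sh
# Added example: classify a device against the Bluetooth flaw in this article.
# From the article: Android 8.0-9.0 allow code execution, Android 10 only
# crashes the Bluetooth process, and the fix shipped in February 2020.
# Assumption: that update reports the patch level string 2020-02-01.
FIXED_LEVEL="2020-02-01"

# Convert YYYY-MM-DD to the integer YYYYMMDD; fail on anything else.
patch_to_int() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) printf '%s' "$1" | tr -d '-' ;;
        *) return 1 ;;
    esac
}

# bt_flaw_status RELEASE PATCH_LEVEL
# Prints: patched | rce-risk | crash-risk | not-listed | unknown
bt_flaw_status() (
    release=$1
    level=$(patch_to_int "$2") || { echo unknown; exit 0; }
    fixed=$(patch_to_int "$FIXED_LEVEL")
    major=${release%%.*}            # "8.1.0" -> "8"
    case "$major" in
        ''|*[!0-9]*) echo unknown; exit 0 ;;
    esac
    if [ "$level" -ge "$fixed" ]; then
        echo patched                # February 2020 update or later installed
    elif [ "$major" -eq 8 ] || [ "$major" -eq 9 ]; then
        echo rce-risk               # keep Bluetooth off unless needed
    elif [ "$major" -eq 10 ]; then
        echo crash-risk             # Bluetooth process can be crashed
    else
        echo not-listed             # release not covered by the article
    fi
)

# Live use: sh check.sh --adb  (needs adb and one connected device).
if [ "${1:-}" = "--adb" ]; then
    rel=$(adb shell getprop ro.build.version.release | tr -d '\r')
    lvl=$(adb shell getprop ro.build.version.security_patch | tr -d '\r')
    echo "Android $rel, patch level $lvl: $(bt_flaw_status "$rel" "$lvl")"
fi
```

On the phone itself, the same two values appear in the settings under the Android version and security patch level entries.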