ERNW Insulator is a well-known German security firm. Its researchers have found a vulnerability that lets attackers run malicious code on Android devices. They named the vulnerability as CVE-2020-0022 – BlueFrag. This vulnerability has been patched in the latest February 2020 security update.
According to the researchers of the firm, if this vulnerability was left unpatched then it would have been a big disappointment because this BlueFrag vulnerability allows malicious actors to steal personal data from your Android phones that run on Oreo 8.0 and Pie 9.0. The vulnerability could do this without even any kind of user interaction. Only the condition of the vulnerability to work is the attacker needs to be in the Bluetooth range along with the Bluetooth MAC address of the device to be hacked.
The researchers said that so far they did not publish any reports describing the vulnerability capabilities because the attackers could have taken advantage of that. Now, the researchers have revealed that once OEMs push security patches to their devices they will release the description and proof of concept code of the vulnerability one by one.
If your device runs on Android 10 then you need not worry about this BlueFrag. The researchers revealed that the exploit does not affect Android 10 because Bluetooth crashes automatically as soon as it is tried on an Android 10 device.
However, the report suggested that the vulnerability might attack devices that run on lower versions of Android below Oreo 8.0. To mitigate the issue, the researchers said, users should update their smartphones to the latest security patch available in order to stay safe.
They also disclosed that most Android phones running on Android Oreo probably would have reached EOL in terms of software updates and security patches and if this is the case then your handset would be left vulnerable forever if your smartphone brand doesn’t take an initiative to roll out the patch to its discontinued devices. However, even this is the issue, then researchers recommended to keep your handset undiscoverable in Bluetooth.