NinFan

They find significant Bluetooth vulnerabilities in Android that allow remote encoding

Android, Bluetooth, encoding, find, remote, significant, vulnerabilities


Bluetooth damage is nothing new. For example, in 2017 we were acquainted with BlueBorne, which has affected many other Bluetooth devices in addition to Android phones. Three years later, German security experts found out and other Bluetooth risks baptize it as BlueFrag.

This vulnerability allows an attacker activation code from a mobile phone nearby with Android 8 Oreo or Android 9 Pie. The good news is that this vulnerability has been prevented from updating the February 2020 Android security.

What is BlueFrag?

Mac The attacker only needs a Bluetooth MAC address for mobile

All the details of the performance of these risks have not yet been made public, as the guidelines for the highest risk reporting indicate that expectations should be made available to many users. So we do not have proof of how we see bullying, but we do know its core values ​​as well how does that affect the programs.

BlueFrag is a threat to the presence of Bluetooth on the Android received interface CVE-2020-0022. By taking advantage, the attacker can developed code with advanced rights on the Android phone close, subject to certain conditions.

The vulnerability affects Android Oreo and Pie and requires that the mobile phone is Bluetooth enabled

To get started, you said a cellphone needs to have Bluetooth is activated and has Android Oreo or Android Pie is included. Investigators say it may have affected previous versions of Android, while using Android 10 codes was not available, but restricted to Bluetooth control only.

There is an additional need, and that is what the attacker needs Know the MAC address Bluetooth mobile. This limits the range of calls visible to Bluetooth, although researchers say that sometimes a MAC Bluetooth address can be transmitted by knowing the Wi-Fi MAC address of the same phone.

Having a MAC address, this attack is completely invisible to the victim, who It requires no intervention by the user, and receive no notification that something is happening on the phone.

Pool, on the way

Spots

Risk already exists and is included in February security pack, which is now in the hands of manufacturers distributing different models. Some will get it over the next few days, while there are models that get patches quarterly or may not receive them directly.

If this is your case, you probably don't have much to worry about whether you have Android 8 or Android 9 on your phone and you always have Bluetooth enabled. Due to its characteristics, this vulnerability is well suited to systematic attacks. However, if you are concerned about this issue, via keep Bluetooth off your phone when you're away from home It should be enough.

More details | Installer

Leave a Comment