Bluetooth vulnerability on Android

A newly discovered Bluetooth vulnerability on Android lets attackers execute arbitrary code and silently take remote control of the device without user interaction.

Security researchers discovered that Android 8 and 9 are affected by this vulnerability. Android 10 is not vulnerable, but the flaw causes the Bluetooth daemon to crash.

The vulnerability is tracked as CVE-2020-0022, and the fix has been released in the latest security patch from Google’s Android Security Bulletin for February 2020. Users can also stay secure by installing the latest patches and by enabling Bluetooth only “if necessary.”

Google rated the flaw critical. If the attacker is in close proximity to the targeted device and the device is in discoverable mode, they can potentially steal personal data, spread malware or spy on Android devices remotely.

Mitigation:

  • Install the latest security patch
  • Disable Bluetooth if not in use
  • Keep device non-discoverable
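
To verify the first mitigation item, the shell function below (an added example, not part of the original advisory) classifies a device from its Android release and security patch level, which on a device attached over adb are the ro.build.version.release and ro.build.version.security_patch properties. It assumes the fix corresponds to patch level 2020-02-01; the function names and result labels are illustrative.

```shell
#!/bin/sh
# Added example: classify exposure to CVE-2020-0022 from two Android build properties.
# Assumption: the fix ships with security patch level 2020-02-01 (February 2020 bulletin).
FIXED_PATCH_LEVEL="2020-02-01"

# classify_cve_2020_0022 RELEASE PATCH_LEVEL   (hypothetical helper name)
#   RELEASE      value of ro.build.version.release, e.g. "9" or "8.1.0"
#   PATCH_LEVEL  value of ro.build.version.security_patch, e.g. "2020-01-05"
classify_cve_2020_0022() {
    release=$1
    patch=$2
    # Reject anything that is not YYYY-MM-DD so a malformed value is never read as patched.
    case "$patch" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo "unknown"; return 0 ;;
    esac
    # Zero-padded ISO dates compare correctly as integers once the dashes are removed.
    patch_num=$(printf '%s' "$patch" | tr -d '-')
    fixed_num=$(printf '%s' "$FIXED_PATCH_LEVEL" | tr -d '-')
    if [ "$patch_num" -ge "$fixed_num" ]; then
        echo "patched"
        return 0
    fi
    major=${release%%.*}
    case "$major" in
        8|9) echo "vulnerable-rce" ;;   # code execution, per the advisory
        10)  echo "crash-only" ;;       # Bluetooth daemon crash, per the advisory
        *)   echo "not-listed" ;;       # the advisory does not cover this release
    esac
}

# Live check of a device attached over adb; not called unless --device is passed.
check_device() {
    rel=$(adb shell getprop ro.build.version.release | tr -d '\r')
    lvl=$(adb shell getprop ro.build.version.security_patch | tr -d '\r')
    printf 'Android %s, patch level %s: %s\n' \
        "$rel" "$lvl" "$(classify_cve_2020_0022 "$rel" "$lvl")"
}

if [ "${1:-}" = "--device" ]; then
    check_device
fi
```

A result of "unknown" means the patch level string could not be parsed and the device should be checked by hand.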