Android smartphones allegedly have a Bluetooth security flaw that can be exploited to deliver malicious files. Security researchers at ERNW discovered the Bluetooth flaw, named BlueFrag, last November. An attacker can leverage BlueFrag to deliver malware onto a smartphone that is in proximity, as long as Bluetooth is on.
The flaw requires no user interaction, and the only thing an attacker needs is the Bluetooth MAC address of the target device(s). For some devices, this can be easily derived from the WiFi MAC address.
According to the team, this flaw can be used to spread malware as well as to steal personal data. BlueFrag affects all Android phones running Android 8 Oreo or Android 9 Pie but doesn’t affect Android 10. With the largest share of Android phones running Pie, around 42 percent (statcounter), hundreds of millions of devices are at risk.
Combining the Pie market share with Oreo's, over half of Android smartphones globally can be affected by BlueFrag.
The impact that BlueFrag could have hasn’t been determined yet, says the team.
A patch for this flaw has been released this month as part of the February 2020 security patch. Once again, I should remind you of the importance of updating your device(s) as soon as you spot an update.
However, it will not be surprising if some devices lack security patches. In that case, only enable Bluetooth when necessary and make your device non-discoverable. The sad part is that some old phones have the feature turned on permanently.
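To find out which devices fall into the affected range described above, the following added example (not from the article or from ERNW) classifies `getprop` dumps by Android release and security patch level. It assumes the standard `ro.build.version.release` and `ro.build.version.security_patch` properties and treats `2020-02-01` as the first fixed patch level, since the article only names the month; the device names and dumps are constructed.

```python
import re
from datetime import date

# Assumption: first patch-level string of the February 2020 bulletin;
# the article only says "February 2020 security patch".
FIXED_PATCH_LEVEL = date(2020, 2, 1)
AFFECTED_MAJORS = {8, 9}   # Oreo and Pie, per the article
PROP_LINE = re.compile(r"^\[([^\]]+)\]:\s*\[(.*)\]$")

def parse_getprop(text):
    """Turn `getprop` lines of the form `[key]: [value]` into a dict."""
    props = {}
    for line in text.splitlines():
        m = PROP_LINE.match(line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props

def bluefrag_status(getprop_text):
    """Classify one dump: exposed, patched, not-affected, not-listed or unknown."""
    props = parse_getprop(getprop_text)
    m = re.match(r"\d+", props.get("ro.build.version.release", ""))
    if not m:
        return "unknown"
    major = int(m.group())
    if major not in AFFECTED_MAJORS:
        # The article says Android 10 is unaffected and names no other release.
        return "not-affected" if major == 10 else "not-listed"
    try:
        level = date.fromisoformat(props.get("ro.build.version.security_patch", ""))
    except ValueError:
        return "exposed"   # affected release with no readable patch level
    return "patched" if level >= FIXED_PATCH_LEVEL else "exposed"

# Constructed sample dumps (not from real devices).
SAMPLES = {
    "phone-a": "[ro.build.version.release]: [9]\n[ro.build.version.security_patch]: [2019-11-05]\n",
    "phone-b": "[ro.build.version.release]: [8.1.0]\n[ro.build.version.security_patch]: [2020-02-01]\n",
    "phone-c": "[ro.build.version.release]: [10]\n[ro.build.version.security_patch]: [2019-09-05]\n",
    "phone-d": "[ro.build.version.release]: [9]\n",
}

def audit(dumps):
    """Map each device name to its BlueFrag status."""
    return {name: bluefrag_status(text) for name, text in dumps.items()}

if __name__ == "__main__":
    for name, status in audit(SAMPLES).items():
        print(f"{name}: {status}")
```

Devices reported as `exposed` are the ones where the advice above applies: keep Bluetooth off unless needed and keep the device non-discoverable until an update arrives.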