Android Bluetooth vulnerability

It’s no secret that the Android OS is not that private, safe, and secure. It is still one of the most customizable platforms, so people still prefer it. The Google development team has been working hard to improve security, but there are times when the system, or at least a part of it, becomes vulnerable to outside forces. The last report was about a critical vulnerability in the Android Bluetooth subsystem. That was back in November 2019. The good news is that the problem now has a solution via a security patch.

To review, the previous issue was very noticeable on Android 8.0 Oreo and Android 9.0 Pie. A remote attacker within proximity was found to be able to execute arbitrary code over Bluetooth. This could happen silently, without the knowledge of the device owner.

All the attacker needs is an open Bluetooth connection plus the Bluetooth MAC address; no user interaction is required. A successful attack could result in the spread of malware or personal data theft. Interestingly, this one can’t be exploited on Android 10, but versions older than Android 8.0 may also be affected.

Android 8 and Android 9 users are encouraged to get the February 2020 security patch. It should fix or remove the vulnerability. There are some other safety tips you may follow to protect your device. For one, keep your phone or tablet non-discoverable. Ideally, devices can only be discovered when the Bluetooth scanning menu is entered, but older devices may be very open or easily discoverable.

Bluetooth must only be enabled when you have to use it. Even Bluetooth-enabled headphones must be turned off or made non-discoverable when not in use.
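
To check whether a device still needs the February 2020 patch, the following added example (not from the original article) classifies a device from the output of `adb shell getprop`. It assumes that a patch level dated 2020-02-01 or later includes the fix; the function names, verdict words and sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): triage a device against the advisory
# using the output of `adb shell getprop`, read from stdin.

FIX_LEVEL=20200201   # assumed: first February 2020 patch level, as YYYYMMDD

# Print the value of one property from "[key]: [value]" lines on stdin.
# $1 is the property name as a regex (dots escaped by the caller).
getprop_value() {
    sed -n "s/^\[$1]: \[\(.*\)]\$/\1/p" | head -n 1
}

# Read getprop output on stdin and print one verdict word.
classify_device() {
    props=$(tr -d '\r')          # older adb versions emit CRLF line endings
    release=$(printf '%s\n' "$props" | getprop_value 'ro\.build\.version\.release')
    patch=$(printf '%s\n' "$props" | getprop_value 'ro\.build\.version\.security_patch')

    major=${release%%.*}         # "8.1.0" -> "8"
    case "$major" in
        ''|*[!0-9]*) echo "unknown"; return 0 ;;
    esac

    # Patch levels are dates (YYYY-MM-DD). A missing or malformed value is
    # treated as unpatched so that the device is not silently cleared.
    case "$patch" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9])
            patch_num=$(printf '%s' "$patch" | tr -d '-') ;;
        *)  patch_num=0 ;;
    esac

    if [ "$patch_num" -ge "$FIX_LEVEL" ]; then
        echo "patched"
    elif [ "$major" -ge 10 ]; then
        echo "not-exploitable"       # per the article: not exploitable on Android 10
    elif [ "$major" -ge 8 ]; then
        echo "vulnerable"            # Android 8.x / 9 before the February 2020 patch
    else
        echo "possibly-affected"     # older than 8.0 "may also be affected"
    fi
}

# Constructed sample input (not captured from a real device).
SAMPLE='[ro.build.version.release]: [8.1.0]
[ro.build.version.security_patch]: [2019-12-05]'
printf '%s\n' "$SAMPLE" | classify_device
```

On a connected device, the same function can be fed live data with `adb shell getprop | classify_device`.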