Researchers from the German information security company ERNW have discovered a vulnerability in Bluetooth on Android devices. Exploitation of the vulnerability allows an attacker within Bluetooth range to gain access to data stored on the user's device, and also makes it possible to download malware without any action on the part of the victim.
The vulnerability in question has been identified as CVE-2020-0022. It affects devices with Android 9 (Pie), Android 8 (Oreo). It is possible that the problem also applies to earlier versions of the software platform, but researchers have not verified this information. As for Android 10, an attempt to exploit this vulnerability on a device running this OS results in Bluetooth freezing.
The report notes that to exploit the vulnerability, the attacker does not need to force the victim to take any action; it is enough to know the MAC address.
The vulnerability was discovered on November 3, 2019, after which researchers notified developers from Google about it. The issue was eventually resolved in the February security update for the Android platform. Users are advised to install this update package to avoid potential issues with Bluetooth data theft.
Experts recommend that users use Bluetooth in public places only when necessary. In addition, you should not make the device visible to other users, and you should not search for gadgets available via Bluetooth. In any case, these precautions will remain in effect until users install the February update on their devices.
Source: 3dnews.ru