Update Your Android Device to Fix This Bluetooth Bug


If you are using an older Android device running Android 8 or 9, you need to be careful about using Bluetooth. German IT cyber-security firm ERNW discovered a bug that allows anyone within range of a Bluetooth-enabled Android device to gain access to the device’s storage.

The vulnerability, tracked as CVE-2020-0022, affects devices running Android Oreo (8.0 and 8.1) and Pie (9.0). For these devices, which account for almost two-thirds of Android devices in use, the flaw is rated critical by Google.

This vulnerability can lead to the theft of personal information or the injection of malware into the smartphone. To make things worse, it can be exploited without user intervention, as long as Bluetooth is turned on, explains ERNW’s bug report.

All that the hacker needs is some extra details about the device—specifically its Bluetooth MAC address—before they can fully access the internal storage remotely, but that’s relatively easy to figure out. And once they’re in, an attacker could easily lift personal files and install malware or other spyware on the device without ever alerting the phone’s user.

The bug is much less of a problem for Android 10, where it cannot be exploited and leads ‘only’ to a crash of the Bluetooth daemon. Versions of Android older than 8.0 could also suffer from the Bluetooth vulnerability, but those versions have not been tested, the report said.

Users are strongly advised to install the latest available security patch from February 2020. You can download and install the patch, if it’s available for your device, via the standard Android system update process.

If you can’t install the February 2020 security update because your Android is too old, the next-best solution is to stop using Bluetooth. This makes it impossible for hackers to use the exploit against you, though it also disables your ability to use Bluetooth accessories.

The report mentions that if you own a Google-branded smartphone such as a Pixel, you’re in luck. By contrast, patching may not be as fast as desired for many other Android device owners, who need to wait for their phone manufacturers or carriers to roll out the updates. Worse, many devices may no longer be supported.

One way to lessen the risk is to ensure that your phone is in non-discoverable mode when Bluetooth is on. Alternatively, enable Bluetooth only if necessary and remember to turn it off when not in use.
