Android February Security Patch Fixes Critical Bluetooth Vulnerability
A security flaw has been found in Android that allows attackers to access a phone via Bluetooth with no user interaction required. Android's most recent monthly security update, released on February 3rd, fixes the flaw. The vulnerability is rated "critical" — the highest rating — for Android versions 8 and 9. In Android 10, the same bug allows a remote attacker to crash the Bluetooth system, but does not present the same security vulnerability. Attackers must be within Bluetooth range (typically around 30 feet) to exploit the flaw. Users can ensure they're not vulnerable by turning off Bluetooth until their phone receives the February update. There are ways to continue using Bluetooth in public while making it difficult to exploit the flaw. Attackers need to know your Bluetooth MAC address (device ID). This can be obtained in two ways: The first is if your phone is in Bluetooth "discoverable" (pairing) mode. Also, on some devices, the Bluetooth MAC address can be deduced from the Wi-Fi MAC address. Therefore users with a non-updated Android phone who are concerned about the issue should avoid pairing new Bluetooth devices while near any public areas, and keep Wi-Fi turned off on their phone.
Nov 6, 2017
Google today made its monthly security update available to its branded Android devices. November's patch plugs a handful of security holes that threaten Android devices.
Feb 5, 2018
Google today made the February security patch available to its Nexus and Pixel devices. First and foremost, the patch closes a number of security holes in the code that left all the handsets vulnerable to certain types of attacks.
Jan 19, 2018
Google has sent a fresh security patch to the Pixel 2 and Pixel 2 XL handsets. Google says the update "fixes critical bugs and improves the performance and stability" of the Pixel smartphones.
Jan 29, 2018
ZTE has pushed a maintenance release to its aging Axon 7 flagship handset device in order to patch up the phone's security. Primarily, the update applies Google's security fixes through the December 2017 patch.
Apr 12, 2018
Security Research Labs says Android phone makers often miss security patches but still tell owners the phones are up-to-date. Researchers Karsten Nohl and Jakob Lell examined the code of some 1,200 phones from more than a dozen phone makers for every security patch released during 2017.