Home  ›  News  ›

Android February Security Patch Fixes Critical Bluetooth Vulnerability

Article Comments  

Feb 7, 2020, 12:08 PM   by Rich Brome   @rbrome

A security flaw has been found in Android that allows attackers to access a phone via Bluetooth with no user interaction required. Android's most recent monthly security update, released on February 3rd, fixes the flaw. The vulnerability is rated "critical" — the highest rating — for Android versions 8 and 9. In Android 10, the same bug allows a remote attacker to crash the Bluetooth system, but does not present the same security vulnerability. Attackers must be within Bluetooth range (typically around 30 feet) to exploit the flaw. Users can ensure they're not vulnerable by turning off Bluetooth until their phone receives the February update. There are ways to continue using Bluetooth in public while making it difficult to exploit the flaw. Attackers need to know your Bluetooth MAC address (device ID). This can be obtained in two ways: The first is if your phone is in Bluetooth "discoverable" (pairing) mode. Also, on some devices, the Bluetooth MAC address can be deduced from the Wi-Fi MAC address. Therefore users with a non-updated Android phone who are concerned about the issue should avoid pairing new Bluetooth devices while near any public areas, and keep Wi-Fi turned off on their phone.

ZDNet »

more news about:

Android
 

AD

Comments

This forum is closed.

This forum is closed.

No messages

 
 
Page  1  of 1

Subscribe to news & reviews with RSS Follow @phonescoop on Twitter Phone Scoop on Facebook Subscribe to Phone Scoop on YouTube Follow on Instagram

 

All content Copyright 2001-2020 Phone Factor, LLC. All Rights Reserved.
Content on this site may not be copied or republished without formal permission.