Google fixes critical flaw in Android that let attackers gain access to your data using Bluetooth

    The security flaw allowed attackers to gain access to your data through Bluetooth and even spread malware.
    By HT CORRESPONDENT
    | Updated on Feb 09 2020, 03:07 PM IST
    Critical Bluetooth vulnerability in Android discovered
    Critical Bluetooth vulnerability in Android discovered (Reuters)
    Critical Bluetooth vulnerability in Android discovered
    Critical Bluetooth vulnerability in Android discovered (Reuters)

    Google has fixed a critical security flaw in Android smartphones that would have allowed attackers to gain access to your data through Bluetooth. The fix is available through Android February 2020 Security Bulletin which has already begun rolling out. The exploit was discovered in older versions of Android such as Android 9 and Android 8.

    Also read: Looking for a smartphone? To check mobile finder click here.

    The security flaw was discovered by researchers at ERNW, a Germany-based cyber security firm. Google has assigned this vulnerability CVE-2020-0022 and is part of the latest February security patch for the Android users.

    ERNW security researchers report that the vulnerability allowed attackers to target phones running on Android 8.0 or Android 9.0 by quietly executing an arbitrary code with the "privileges of the Bluetooth daemon as long as Bluetooth is enabled." Researchers added that the hack didn't require any action from user until Bluetooth is turned on.

    ALSO READ: Credit, debit card data of half a million Indians up for sale on dark web

    "No user interaction is required and only the Bluetooth MAC address of the target devices has to be known. For some devices, the Bluetooth MAC address can be deduced from the WiFi MAC address. This vulnerability can lead to theft of personal data and could potentially be used to spread malware (Short-Distance Worm)," said security researchers in a post.

    ALSO READ: Facebook's Twitter, Instagram and Messenger accounts hacked by OurMine

    Researchers, however, noted that they could not replicate the same hack for phones run on Android 10, but the vulnerability existed in the newer version as well. But they cautioned, the Android versions even older than 8.0 may be affected by the vulnerability.

    Users with Android 8 or 9 are recommended to download the latest February 2020 security patch to have the flaw fixed. In case, you haven't received the update yet, you can turn off Bluetooth unless you're actually using the feature, say pairing a device. As suggested by CNET, you can change the Settings to ensure your device is not discoverable to others via Bluetooth.

    Follow HT Tech for the latest tech news and reviews , also keep up with us on Twitter, Facebook, and Instagram. For our latest videos, subscribe to our YouTube channel.

    First Published Date: 09 Feb, 03:05 PM IST
    NEXT ARTICLE BEGINS
    keep up with tech