Android Bluetooth Vulnerability Allowed Exploit Without User Interaction

  • 1

Google has revealed a serious security flaw affecting its Android OS. As disclosed, a Bluetooth subsystem vulnerability affected the Android OS that could allow remote code execution on the target devices.

Android Bluetooth Vulnerability

A serious bug was present in Google’s Android OS that threatened the security of numerous users across the globe.

The bug first caught the attention of security researcher Jan Ruge from Technische Universität Darmstadt, Secure Mobile Networking Lab. Sharing his findings in a blog post, the researcher stated,

A remote attacker within proximity can silently execute arbitrary code with the privileges of the Bluetooth daemon as long as Bluetooth is enabled. No user interaction is required and only the Bluetooth MAC address of the target devices has to be known.

The bug predominantly affected Android 8.0 to 9.0, where an attacker could exploit the flaw to steal user data or spread malware. However, in the case of Android 10, exploiting this vulnerability could only lead to the crashing of the Bluetooth daemon.

The researcher did not evaluate the vulnerability and subsequent exploit for Android versions older than 8.0. So, it is possible that the same flaw may also affect older Android devices as well.

Google Released Patches

The vulnerability was assigned the following CVE-2020-0022, in November 2019. He then reported the flaw to Google, who have addressed the vulnerability with February 2020 updates.

As stated in their Android bulletin,

The most severe vulnerability… could enable a remote attacker using a specially crafted transmission to execute arbitrary code within the context of a privileged process.

The bulletin labels this vulnerability as a critical severity flaw in the case of Android 8.0, 8.1, and 9.0. Whereas, for Android 10, Google dubbed it a moderate severity bug.

Since Google have just released the patches, users of Android 8.0 and above must ensure they update their devices to the latest versions. Users of older Android versions must stay vigilant when using Bluetooth connectivity on their devices. They should keep their devices non-discoverable and should enable Bluetooth only when required.

Let us know your thoughts in the comments.


Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

Feel free to leave a comment

Do NOT follow this link or you will be banned from the site!