On November 3 last year, ERNW, an IT security firm, found a new critical Bluetooth vulnerability in Android named BlueFrag (CVE-2020-0022). In practice, this vulnerability allows silent code execution on the device, which can lead to data theft and the spreading of malware.
“On Android 8.0 to 9.0, a remote attacker within proximity can silently execute arbitrary code with the privileges of the Bluetooth daemon as long as Bluetooth is enabled. No user interaction is required and only the Bluetooth MAC address of the target devices has to be known. For some devices, the Bluetooth MAC address can be deduced from the WiFi MAC address. This vulnerability can lead to the theft of personal data and could potentially be used to spread malware (Short-Distance Worm).”
Devices on Android 10 are not exploitable for technical reasons; an attempt only results in a crash of the Bluetooth daemon. Moreover, Android devices running versions older than 8.0 might also be affected, but we have not evaluated the impact.
And if you have no patch available yet, or your device is no longer supported, you can take the following measures:
- Only enable Bluetooth if strictly necessary. Keep in mind that most Bluetooth-enabled headphones also support wired analog audio.
- Keep your device non-discoverable. Most are only discoverable if you enter the Bluetooth scanning menu. Nevertheless, some older phones might be discoverable permanently.
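For anyone responsible for a fleet of Android devices, the version ranges and mitigations above translate into a simple exposure check. The following POSIX shell helper is an added example, not code from the article or from ERNW: it classifies a device from its Android release, security patch level and Bluetooth state, reading them over adb where a device is attached. The property and setting names (`ro.build.version.release`, `ro.build.version.security_patch`, `settings get global bluetooth_on`) and the `FIXED_PATCH_LEVEL` value are assumptions you should confirm for your own devices; the article does not name a fixed patch level, so the placeholder must be set before a device can be reported as patched.

```shell
#!/bin/sh
# Added example (not from the original article or ERNW's advisory).
# Classifies a device's exposure to BlueFrag (CVE-2020-0022) using only what
# the article states: Android 8.0-9 are exploitable when Bluetooth is enabled,
# Android 10 only crashes the Bluetooth daemon, and versions below 8.0 were not
# evaluated.

# Assumption: security patch level (YYYY-MM-DD) that carries the vendor's fix.
# Left as a placeholder here; until it is set, no device is reported PATCHED.
FIXED_PATCH_LEVEL="${FIXED_PATCH_LEVEL:-YYYY-MM-DD}"

# bluefrag_exposure <android_release> <security_patch_level> <bluetooth_on 0|1>
# Prints one of: PATCHED, BT_OFF, UNEVALUATED, EXPOSED, DOS_ONLY, UNKNOWN
bluefrag_exposure() {
    release="$1"; patch="$2"; bt_on="$3"
    major="${release%%.*}"               # "8.1.0" -> "8", "10" -> "10"
    case "$major" in
        ''|*[!0-9]*) echo UNKNOWN; return 0 ;;
    esac
    # Compare ISO dates numerically after stripping dashes (20200101 >= ...).
    fixed=$(printf '%s' "$FIXED_PATCH_LEVEL" | tr -d -)
    have=$(printf '%s' "$patch" | tr -d -)
    if [ -n "$have" ] && [ -n "$fixed" ]; then
        case "$fixed$have" in
            *[!0-9]*) ;;                  # placeholder or unparsable date
            *) if [ "$have" -ge "$fixed" ]; then echo PATCHED; return 0; fi ;;
        esac
    fi
    # The article's first mitigation: with Bluetooth off there is no exposure.
    if [ "$bt_on" != "1" ]; then echo BT_OFF; return 0; fi
    if [ "$major" -lt 8 ]; then echo UNEVALUATED
    elif [ "$major" -le 9 ]; then echo EXPOSED
    elif [ "$major" -eq 10 ]; then echo DOS_ONLY
    else echo UNKNOWN
    fi
}

# audit_device [serial]: read the three values from an attached device over adb
# (USB debugging must be enabled) and print "<serial> <release> <patch> <verdict>".
audit_device() {
    label="${1:-device}"
    if [ -n "$1" ]; then set -- -s "$1"; else set --; fi
    rel=$(adb "$@" shell getprop ro.build.version.release | tr -d '\r')
    patch=$(adb "$@" shell getprop ro.build.version.security_patch | tr -d '\r')
    bt=$(adb "$@" shell settings get global bluetooth_on | tr -d '\r')
    printf '%s %s %s %s\n' "$label" "$rel" "$patch" \
        "$(bluefrag_exposure "$rel" "$patch" "$bt")"
}
```

Run `audit_device` once per serial from `adb devices`; anything reported EXPOSED with no patch available is a candidate for the two mitigations listed above.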