A critical security flaw in Android could allow attackers to send harmful files to your smartphone via Bluetooth.
The vulnerability was discovered by security researchers at ERNW in November 2019. Researchers said it could be exploited to by malicious actors to steal personal data or spread malware.
“On Android 8.0 to 9.0, a remote attacker within proximity can silently execute arbitrary code with the privileges of the Bluetooth daemon as long as Bluetooth is enabled,” ERNW said.
The researchers said that no actions are required from the user’s side – attackers only have to know the Bluetooth MAC address of the targeted device.
“For some devices, the Bluetooth MAC address can be deduced from the WiFi MAC address,” ERNW added.
The researchers strongly recommended that users of the affected operating systems install the latest February 2020 security patch from Android, which fixes the issue.
In the event that an update is not yet available for your device, ERNW advised the following:
- Only enable Bluetooth if strictly necessary.
- Keep your device non-discoverable. Most are only discoverable if you enter the Bluetooth scanning menu. Nevertheless, some older phones might be discoverable permanently.
To check for and download the latest updates for your Android device, navigate to Settings on your phone and go to either the “Software Update” or “About phone” menus.
For further instructions, visit the Android Help support page.