FLAW ALLOWS MALWARE TO BE SENT VIA BT
Security researchers at ERNW have discovered a bug in Android phones that allows attackers to silently deliver malware via the phone’s bluetooth.
The bug, BlueFrag, for now, affects Android smartphones that run on older version of the OS — Oreo and Pie. However, users can protect themselves from the vulnerability by installing the February patch.
According to the researchers at ERNW, the intruder only needs to know the Bluetooth MAC address of the target that can easily be guessed by looking at the Wi-Fi MAC address.
The nature of the flaw means that the attacker will have to be relatively close to its target. This will mainly be a concern in public spaces where there's an abundance of targets.
However, Android 10 can users can breather easy as the vulnerability doesn’t affect them. But, ERNW researchers didn’t confirm if the older versions before Android 8 are also affected. The team hadn’t “evaluated the impact” on older releases, said ERNW.
However, the problem remains that the flaw remain unpatched as Google directs popular phone makers to provide security updates for nearly two years.
In that regard, the Android 8 OS is well past that two year mark. Moreover, Vendors go up to 90 days before patching a flaw.