Researchers identified a security flaw in the security component of Android that could lead to a data breach. The bug was detected by the German security agency ERNW and reported to Google as CVE-220-022. It mainly affects handsets running Android 8 Oreo and Android 9 Pie. On Android 10, the Android daemon simply crashes, with no other malicious effect.
The bug requires only that Bluetooth be active on the device; the attacker can then run malicious code without any user interaction. Bluetooth is usually switched on for phones connected to smartwatches, headphones, and speakers, making them even more vulnerable.
The attacker needs only the Bluetooth MAC address and must also be in the vicinity of the Wi-Fi MAC address to start the attack. The vulnerability allows attackers, according to ERNW researchers, “to secretly execute arbitrary code utilizing Bluetooth Daemon rights.” It may eventually lead to ransomware spreading to other computers and even put personal data at risk. This endangers not only your data but also that of others near you.
Google addressed this in its February security bulletin and issued a firmware update that patches the bug on its own Nexus and Pixel devices. Other companies were asked to do the same and to update their devices as quickly as possible.
Meanwhile, it is advised that you turn Bluetooth off when you are not using it and upgrade your phone to the newest version.