ERNW: New critical vulnerability in Android devices allows cybercriminals to silently deliver malware, it’s dubbed “BlueFrag”
A new critical vulnerability in Android devices allows cybercriminals to silently deliver malware. It’s dubbed “BlueFrag” and was discovered by ERNW cyber security experts. The bad news is that the malicious actor only needs to know the Bluetooth MAC address of the target. The good news is that the flaw does not yield code execution on Android 10, where it only results in a crash of the Bluetooth daemon. Versions even older than 8.0 might also be affected, but the researchers have not evaluated the impact. Users are strongly advised to install the latest available security patch from February 2020, or can reduce their exposure by following some general rules of behaviour:
- Only enable Bluetooth if strictly necessary. Keep in mind that most Bluetooth-enabled headphones also support wired analog audio.
- Keep the device non-discoverable. Most devices are only discoverable while the Bluetooth scanning menu is open. Nevertheless, some older phones might be discoverable permanently.
The cyber security experts: A malicious attacker within proximity can silently execute arbitrary code with the privileges of the Bluetooth daemon as long as Bluetooth is enabled. No user interaction is required.
According to the cyber security experts, by exploiting BlueFrag an attacker within proximity can silently execute arbitrary code with the privileges of the Bluetooth daemon as long as Bluetooth is enabled. No user interaction is required, and only the Bluetooth MAC address of the target device has to be known. For some devices, the Bluetooth MAC address can be deduced from the WiFi MAC address. This vulnerability can lead to theft of personal data and could potentially be used to spread malware (a short-distance worm). The Bluetooth daemon is a process on the Android system that runs in the background and is responsible for managing the Bluetooth controller and handling various related protocols, such as HCI, L2CAP and GATT. Because it has to process attacker-controlled input, it is exposed to attack, and because it has to run with high privileges to provide these features, a successful exploit inherits those privileges.
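As an added example (not code from ERNW or from this article), the following POSIX shell function turns the advisory's guidance into a device check: it classifies exposure from the two properties the text hinges on, the Android release and the security patch level, which a defender can read from a connected device with `adb shell getprop`. The function names are my own; the thresholds (Android 8.0 through 9 exploitable, Android 10 crash only, below 8.0 unevaluated, fixed by the February 2020 patch level) are taken from the article.

```shell
#!/bin/sh
# Added example, not ERNW's or the article's code: classify a device's exposure to
# BlueFrag from the two properties the advisory's guidance turns on.
#   $1  Android release, e.g. "9" or "8.1.0"  (ro.build.version.release)
#   $2  security patch level, e.g. "2020-01-05" (ro.build.version.security_patch)
# Prints one of: patched, rce-exposed, crash-only, impact-unevaluated,
# unknown-patch-level, unknown-release.
bluefrag_exposure() {
    release="$1"
    patch="$2"
    major="${release%%.*}"

    # Reduce "YYYY-MM-DD" to YYYYMM so it can be compared numerically;
    # the fix shipped with the February 2020 security patch level.
    patch_ym=$(printf '%s' "$patch" | tr -d '-' | cut -c1-6)
    case "$patch_ym" in
        [0-9][0-9][0-9][0-9][0-9][0-9]) ;;
        *) echo "unknown-patch-level"; return 0 ;;
    esac
    if [ "$patch_ym" -ge 202002 ]; then
        echo "patched"
        return 0
    fi

    case "$major" in
        8|9)   echo "rce-exposed" ;;        # 8.0/8.1/9: silent code execution as the Bluetooth daemon
        10)    echo "crash-only" ;;         # Android 10: the daemon only crashes
        [1-7]) echo "impact-unevaluated" ;; # older than 8.0: not evaluated by the researchers
        *)     echo "unknown-release" ;;
    esac
}

# Read both properties from a connected device over adb and classify it.
bluefrag_exposure_adb() {
    bluefrag_exposure \
        "$(adb shell getprop ro.build.version.release | tr -d '\r')" \
        "$(adb shell getprop ro.build.version.security_patch | tr -d '\r')"
}
```

A result of `rce-exposed` means the device should be patched, or Bluetooth kept off until it can be, per the advice above.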