Last November, the security company ERNW reported a critical vulnerability in Android’s Bluetooth implementation. The vulnerability, dubbed “BlueFrag,” has been assigned CVE-2020-0022 and affects Android versions 8 and 9. Android 10 is technically affected as well, but there the exploit currently only crashes the Bluetooth daemon. Android versions 7 and below may also be vulnerable but have not yet been thoroughly tested. BlueFrag allows remote code execution on vulnerable Android devices, with a few caveats:
- Bluetooth must be enabled
- An attacker must be in range
- An attacker must know the device’s Bluetooth MAC address

None of these conditions is difficult for an attacker to meet, however. Any time a Bluetooth-capable device is in pairing mode or searching for a device to connect to, anyone nearby can view its MAC address. Thankfully, Google has released the February 2020 security patch, which remediates this vulnerability and others.