    Android Bluetooth Vulnerability Allows Exploit Without User Interaction
    Heard about this on the Security Now Podcast, SN753

    "STEVE: So against 9.0 Pie and Oreo, Pie and Oreo 8.0, 8.1, and 9.0. The researcher said that a remote attacker within Bluetooth range can silently execute arbitrary code with the privilege of the Bluetooth Daemon, and it runs in the kernel. The flaw is worrisome because no additional interaction is required, and only the Bluetooth MAC address of the target device needs to be known to launch an attack.

    Okay. So, well, there are a couple reasons that's not comforting, because it turns out that for many devices the Bluetooth MAC address can be deduced from the WiFi MAC address. They're often sequential. And so WiFi is easily known. It's being broadcast by the smartphone's WiFi. So obtaining the Bluetooth MAC address is probably a matter of adding or subtracting one, depending upon which phone you're using, and maybe they're all the same. I haven't looked.

    The same vulnerability does impact Google's most recent Android v10. However, with Android 10, the severity rating is dropped to moderate rather than critical because the impact is not a remote code execution as a consequence of other changes made in Android 10. It will crash the Bluetooth daemon, but it won't give you remote code execution access. And they did not test any Android versions older than 8. So we don't know either way whether those may be affected. The flaw's discoverers said they are confident all patches - they said, sorry, once they are "confident" - and I put "confident" in quotes in the show notes because you'll see where I'm going - all patches have reached the end users, they will publish a technical report on the flaw that includes a description of the exploit as well as proof of concept code."
     
  1. Dannydet

    Dannydet Extreme Android User

    Time to keep my Bluetooth off...
     
    mikedt likes this.
  2. svim

    svim Extreme Android User

    Yes this is troubling but it needs to be noted that Android Bluetooth has had numerous exploits revealed every year going back several years:
    https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=android+bluetooth
    ..... and this just includes what has been found and revealed; odds are there are more that just haven't been exposed yet, if ever.
    Unfortunately most people aren't aware of this and those who are tend to opt for the convenience of wirelessly connecting peripherals over security anyway.
     
    GIA0929143315, Dannydet and mikedt like this.
  3. Dannydet

    Dannydet Extreme Android User

    Time to keep my Bluetooth on...
     
    GIA0929143315 likes this.
  4. Wonder if you can ever find out if something like this happened to me. I hear people all the time say that they've been hacked and I wonder. For the past 5 years I've had numerous problems with several different phones. Seems as if one person in my life has always known what I was doing and who I was talking to. At one point she knew word for word a specific text message. She fraudulently used my credit card and bank account to purchase things from apps. I have always had the same problems with each phone until it eventually stopped working altogether, but not before I was locked out of all my accounts: Facebook, Google, etc. Any thoughts???
     
  5. svim

    svim Extreme Android User

    Sounds more like you need to address locking down your online social media accounts. Compromising multiple phones the same way is very unlikely, but once someone has gotten access to one or more of your online accounts then it's just a matter of once you set up each new phone they still have control of your online account(s). Whether this involves one phone or ten, it's the online access you set up on each phone you need to look into.
     
    mikedt likes this.