Jump to content

Search the Community

Showing results for tags 'androids bluetooth component'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Site Related
    • News & Updates
    • Site / Forum Feedback
    • Member Introduction
  • News
    • General News
    • FileSharing News
    • Mobile News
    • Software News
    • Security & Privacy News
    • Technology News
  • Downloads
    • nsane.down
  • General Discussions & Support
    • Filesharing Chat
    • Security & Privacy Center
    • Software Chat
    • Mobile Mania
    • Technology Talk
    • Entertainment Exchange
    • Guides & Tutorials
  • Off-Topic Chat
    • The Chat Bar
    • Jokes & Funny Stuff
    • Polling Station

Categories

  • Drivers
  • Filesharing
    • BitTorrent
    • eDonkey & Direct Connect (DC)
    • NewsReaders (Usenet)
    • Other P2P Clients & Tools
  • Internet
    • Download Managers & FTP Clients
    • Messengers
    • Web Browsers
    • Other Internet Tools
  • Multimedia
    • Codecs & Converters
    • Image Viewers & Editors
    • Media Players
    • Other Multimedia Software
  • Security
    • Anti-Malware
    • Firewalls
    • Other Security Tools
  • System
    • Benchmarking & System Info
    • Customization
    • Defrag Tools
    • Disc & Registry Cleaners
    • Management Suites
    • Other System Tools
  • Other Apps
    • Burning & Imaging
    • Document Viewers & Editors
    • File Managers & Archivers
    • Miscellaneous Applications
  • Linux Distributions

Categories

  • General News
  • File Sharing News
  • Mobile News
  • Software News
  • Security & Privacy News
  • Technology News

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Found 1 result

  1. Fixes are available via the Android Security Bulletin for February 2020. Google has patched this week a critical security flaw in Android's Bluetooth component. If left unpatched, the vulnerability can be exploited without any user interaction and can even be used to create self-spreading Bluetooth worms, experts said. Fixes for the bug are available via the Android February 2020 Security Bulletin, which has been available for download starting this week. The actual bug is tracked as CVE-2020-0022, and was discovered and reported to Google by experts from German cyber-security firm ERNW. Can be used to create self-spreading Bluetooth worms Researchers said that exploiting the bug requires no user interaction. All that is required is that the user has Bluetooth enabled on his device. However, while this requirement would have limited the attack surface in past years, it does not today since modern Android OS versions ship with Bluetooth enabled by default and many Android users use Bluetooth-based headphones meaning the Bluetooth service is likely to be enabled on many handsets. Proximity to a target is also required, but this is self-implied for any type of Bluetooth exploitation. The ERNW researchers say the bug allows an attacker to "silently execute arbitrary code with the privileges of the Bluetooth daemon." "No user interaction is required and only the Bluetooth MAC address of the target devices has to be known. For some devices, the Bluetooth MAC address can be deduced from the WiFi MAC address," they added. "This vulnerability can lead to theft of personal data and could potentially be used to spread malware (Short-Distance Worm)," the ERNW researchers said. Bug works on Android 9 and earlier The vulnerability was successfully tested on Android 8 and 9, but researchers believe older versions are also likely vulnerable. CVE-2020-0022 doesn't work on Android 10, though, where it only causes a crash of the Bluetooth daemon. The ERNW team said it plans to publish in-depth technical details about this bug later, but, in the meantime, they're giving Android users a warning and more time to install the February 2020 security updates. If users can't update -- for various reasons -- then they can use follow simple rules to prevent attacks: Only enable Bluetooth if strictly necessary. Keep your device non-discoverable. Most devices are only discoverable if you enter the Bluetooth scanning menu. Nevertheless, some older phones might be discoverable permanently. The ERNW team also said they plan to publish proof-of-concept code to reproduce the bug, which will most likely be weaponized by some bad actors. Source
×
×
  • Create New...