Although Android is a modern, robust and reliable operating system, it is obviously inclined to present security holes that can compromise its operation. An important Android vulnerability related to the Bluetooth module has been discovered which allows an attacker to execute malicious code without arousing suspicion.
Android 9 Pie and Android 8 Oreo are victims of a serious Bluetooth module security bug
The flaw was discovered by Jan Ruge, a researcher at the Technical University of Darmstadt in Germany, who isolated the flaw in order to study it in depth. From his discoveries it is clear that the flaw requires two particular conditions in order to be exploited by an attacker:
- presence of a smartphone equipped with Android 9 Pie or Android 8 Hours with active Bluetooth module;
- knowledge of the MAC address associated with the Bluetooth module.
In the presence of both conditions, the flaw with CVE-2020-0022 identification, these would allow remote access and execution of malicious code on Android devices. Ruge announced the discovery to Google last November 2019, that officially resolved with the arrival of the security patches of February 2020 – link to the Android security bulletin.
Android security is a very important element for Google. In fact, we must not forget that, thanks to the bounty program, the US company encourages independent researchers and external companies to test the strength of Android behind a cash compensation in case of discoveries such as those we have just seen.