A flaw in Android uses Bluetooth to execute malicious code

Although Android is a modern, robust and reliable operating system, it is obviously inclined to present security holes that can compromise its operation. An important Android vulnerability related to the Bluetooth module has been discovered which allows an attacker to execute malicious code without arousing suspicion.

Android 9 Pie and Android 8 Oreo are victims of a serious Bluetooth module security bug

The flaw was discovered by Jan Ruge, a researcher at the Technical University of Darmstadt in Germany, who isolated the flaw in order to study it in depth. From his discoveries it is clear that the flaw requires two particular conditions in order to be exploited by an attacker:

  • presence of a smartphone equipped with Android 9 Pie or Android 8 Hours with active Bluetooth module;
  • knowledge of the MAC address  associated with the Bluetooth module.

In the presence of both conditions, the flaw with CVE-2020-0022 identification, these would allow remote access and execution of malicious code on Android devices. Ruge announced the discovery to Google last November 2019, that officially resolved with the arrival of the security patches of February 2020  – link to the Android security bulletin.

Android security is a very important element for Google. In fact, we must not forget that, thanks to the bounty program, the US company encourages independent researchers and external companies to test the strength of Android behind a cash compensation in case of discoveries such as those we have just seen.

Izaan Zubair
Izaan Zubair
Izaan is founder of TechLapse. Izaan developed interest in computers from young age and most of his skills and knowledge are self taught. He can be reached at: [email protected]

Recent News