This week, Google developers released the February update for Android. Among the fixes is one for a critical vulnerability in the Bluetooth component of the OS. According to information security experts, this problem can be exploited without any user interaction, including to create self-propagating Bluetooth worms.
The vulnerability received the identifier CVE-2020-0022 and was discovered by specialists at the German company ERNW. The bug was reproduced on Android 8 and 9, but the researchers are sure that older versions of the operating system are also vulnerable. Android 10 is the only version on which CVE-2020-0022 does not work: there it only causes the Bluetooth daemon to crash.
Exploiting the problem requires no user interaction; it is enough that Bluetooth is enabled on the victim’s phone. Note that modern versions of Android ship with Bluetooth enabled by default, and many users use Bluetooth headphones, so Bluetooth is now enabled on many devices.
ERNW experts write that the vulnerability allows an attacker to quietly execute arbitrary code with the privileges of the Bluetooth daemon. The attacker only needs to know the Bluetooth MAC address of the target device, which in some cases can be determined from the Wi-Fi MAC address. After a successful attack, the attacker will be able to steal the victim’s personal data, and the bug could potentially also be exploited to spread malware over Bluetooth.
The researchers plan to publish technical details and an exploit for this vulnerability later; for now, they are giving users time to install updates.