Google has revealed a serious security flaw affecting its Android OS. As disclosed, a Bluetooth subsystem vulnerability affected the Android OS that could allow remote code execution on the target devices.
A serious bug was present in Google’s Android OS that threatened the security of numerous users across the globe. The bug first caught the attention of security researcher Jan Ruge from Technische Universität Darmstadt, Secure Mobile Networking Lab. Sharing his findings in a blog post, the researcher stated,
A remote attacker within proximity can silently execute arbitrary code with the privileges of the Bluetooth daemon as long as Bluetooth is enabled. No user interaction is required and only the Bluetooth MAC address of the target devices has to be known.
The bug predominantly affected Android 8.0 to 9.0, where an attacker could exploit the flaw to steal user data or spread malware. However, in the case of Android 10, exploiting this vulnerability could only lead to the crashing of the Bluetooth daemon. The researcher did not evaluate the vulnerability and subsequent exploit for Android versions older than 8.0. So, it is possible that the same flaw may also affect older Android devices as well.
As stated in their Android bulletin,
The most severe vulnerability… could enable a remote attacker using a specially crafted transmission to execute arbitrary code within the context of a privileged process.
The bulletin labels this vulnerability as a critical severity flaw in the case of Android 8.0, 8.1, and 9.0. Whereas, for Android 10, Google dubbed it a moderate severity bug.
Source: Latest Hacking News