Android flaw BlueFrag lets attackers send malware over Bluetooth


San Francisco, Feb 10 (IANS): Researchers and independent IT Security service provider ERNW have discovered a vulnerability named BlueFrag that lets attackers silently deliver malware to and steal data from nearby smartphones running Android 8 Oreo or Android 9 Pie operating system (OS).

The vulnerability BlueFrag does not work with Android 10 OS. It's possible that versions before Android 8 are affected, but the team hadn't "evaluated the impact" on older releases.

The intruder only needs to know the Bluetooth MAC address of the target, and that's sometimes easy to guess just by looking at the WiFi MAC address. You won't even know the attack is happening, ERNW said, Engadget reported on Monday.

According to the researchers, users can protect themselves by installing the February 2020 security patch and the Bluetooth nature of the flaw means that the users have to be relatively close to an attacker.

This will mainly be a concern in public spaces where there's an abundance of targets, the report added.

It also means devices still on Android 9 Pie or below, probably still don't have much to worry about -- finding the Bluetooth MAC address isn't always a simple task.

  

Top Stories


Leave a Comment

Title: Android flaw BlueFrag lets attackers send malware over Bluetooth



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.