Who is keeping your Android company?

Android Vulnerability, BlueFrag

Let’s start with BlueFrag

This is a critical security issue allows a malicious entity to silently log onto your phone via bluetooth . “This vulnerability can lead to theft of personal data and could potentially be used to spread malware ” (TechSecurity, 2020). This vulnerability affects Android versions 4.2, 6.0.1, 7.0 and 8.0. If you are on a version that is older than 3 years you will not receive any security patches from Google.

How to reduce the risk of a BlueFrag vulnerability on older versions .

Since there aren’t any software patches what you can do is to keep your bluetooth connection turned off when not in use and not to make your phone is not discoverable via bluetooth.

The danger of running unsupported Android OS versions is high.

The current Android version is 10 but there are a lot of phones (millions!) running older versions which are no longer supported by Android and hence not patched for vulnerabilities. I have a phone with such an older android operating system v4.2 KitKat) and I am sure it has been hacked and the apps infected by malware. It has come to my attention many apps on it have every permission under the sun and even if you force stop them, they restart on reboot. BlueFrag is just one vulnerability. There are a host of malware apps that can be downloaded from the Google’s PlayStore including ones that can steal payments information and other personal information. To my mind Google takes a flexible view on security policy when it comes to safeguarding users’ personal data. Google have only committed to 3 year support plan for each version release. So you should consider this if you are in the market for a second hand phone.

What’s to be done if you are on a older OS?

Ditch phones with older versions. Personally I wouldn’t run anything older that v6.0 (Marshmellow) which has more strict settings to what permissions an app is granted. On v6.0 apps have to be granted permissions explicitly by the user to access sub systems on your phone. Of’course this requires knowledge by the user to know which permissions to allow or deny an app when prompted.

If you have the ability you can use ADB (Android Debug Bridge ) utility to remove bloatware apps from your phone and generally manage what is on your phone, in a better way.

More is less.

Be very careful with which apps you install. Just because an app (application) is available from Google Play for download does not mean that it is secure or that it will be secure in the future. Carefully check which permissions an app is requesting and has been granted. See this in your Settings -→ Apps.

Good luck everyone – remember to think twice 🙂

References:

https://techsecurity.news/2020/02/bluefrag-critical-bluetooth-vulnerability-in-android-cve-2020-0022/

thtps://www.cvedetails.com/vulnerability-list.php?vendor_id=1224&product_id=19997&version_id=188440&page=1&hasexp=0&opdos=0&opec=0&opov=0&opcsrf=0&opgpriv=0&opsqli=0&opxss=0&opdirt=0&opmemc=0&ophttprs=0&opbyp=0&opfileinc=0&opginf=0&cvssscoremin=0&cvssscoremax=0&year=0&cweid=0&order=1&trc=772&sha=cc989d75eb9a930c55694358f687a94f77858134h