Android: a Bluetooth flaw endangers billions of smartphones
A Bluetooth flaw puts billions of Android smartphones at the mercy of hackers. The vulnerability has been found in smartphones equipped with Qualcomm components. Until a fix is available, it is advisable to turn off Bluetooth on your phone.
According to IT security researchers at Asset Research Group, billions of smartphones are vulnerable to hackers. The experts have discovered “a set of 16 vulnerabilities”, named BrakTooth, in Bluetooth chips developed by most suppliers on the market, including Intel, Qualcomm, Texas Instruments, Infineon (Cypress) and Silicon Labs.
Vulnerable Bluetooth chips are found in “Microsoft Surface laptops, Dell desktops and several models of smartphones based on Qualcomm chips”. Note that Qualcomm components are found in most phones on the market, says Malwarebytes, which relays the study.
Flaw affects billions of Android smartphones, turn off Bluetooth
During their investigation, the researchers examined 13 Bluetooth cards that are popular on the market. By going through the circuit’s vulnerable firmware, attackers are able “to execute malicious code on devices” by sending files over the Bluetooth connection. Hackers transfer the files in question using the Bluetooth Link Manager Protocol, the protocol designed to make it easier to configure and manage devices. Ultimately, they can seize data stored on a smartphone simply by being within Bluetooth range of it.
Following the researchers’ discovery, three suppliers of Bluetooth chips have deployed a fix: Bluetrum, Espressif and Infineon. Intel and Qualcomm, on the other hand, have not yet reacted. Until a patch is released for all affected devices, Malwarebytes advises users to “turn off Bluetooth on devices that don’t need it”.
This is not the first time that a Bluetooth flaw has been found in Android phones. Last year, a critical zero-day flaw put millions of endpoints at risk. A few months earlier, a similar flaw forced Google to act urgently to protect users.
Source: Asset Research Group