Security researchers at ERNW have discovered a new vulnerability called ‘BlueFrag’ that lets attackers send malware to nearby mobiles and steal data from them. Experts have warned users to check for an update in case their phone is not up to date.
The attackers are targeting phones running Android 8 Oreo or Android 9 Pie, and the threat actor only has to know the Bluetooth MAC address of the target to break in. Fortunately, BlueFrag doesn’t work on Android 10.
Usually, the attacks can only be effective if the attacker is relatively close, which makes this a concern in public spaces, where attackers can easily latch on to any potential victim who doesn’t have the latest 2020 security update.
The problem is easy to imagine, as there will be several devices that have either stopped getting software updates or don’t receive them at all. This is because Google only asks popular mobile manufacturers to provide security updates for two years, and even that policy came to light at the start of 2019.
This is where Android 8 users have a problem: they have already crossed the two-year mark, and chances are they might never get a BlueFrag fix. Google’s policy also lets vendors take up to 90 days before patching a flaw, which could leave users exposed for months without proper security updates.