Skip to main content

There’s a major Android bluetooth security flaw. Here’s how to fix it

Looks like it’s time to check if you have an Android security update available to your phone. A new security flaw has been discovered in Android — and this time, it uses Bluetooth to allow access to your phone.

The flaw, called BlueFrag, takes advantage of Bluetooth in Android 8 and 9, and it basically allows hackers to execute code on your device. The result? Hackers can fully access anything stored on your phone, and install malware without your knowledge.

Of course, this sounds a little scarier than it actually is. Because it uses Bluetooth, would-be attackers have to be within Bluetooth range of your phone, which is around 33 feet. Hackers also need to know your device’s Bluetooth MAC address — though that address is relatively easy to figure out.

Still, the flaw isn’t something you would want to be vulnerable to — and thankfully, there are ways to guard against it. The February 2020 security patch comes with a fix to the flaw, and devices running Android 10 are already safe.

And don’t assume that you’re safe if you’re running a version of Android older than Android 8. The researchers who discovered the bug said that they tested it on devices running Android 8 or later — so it’s entirely possible that the flaw can be found in older versions too. The flaw itself does exist in Android 10, but thanks to changes in how Android implements Bluetooth, it’s not exploitable. Still, it’s worth keeping up with security updates as they’re made available.

Of course, not everyone will be able to install the February 2020 security patch or the latest version of Android because of how old their phone is — and if that’s you, and you’re worried about this hack, then you may want to limit your Bluetooth use. You could, for example, try and turn Bluetooth off whenever you’re not actually using it, or switch to wired headphones and other devices instead.

While it’s always a good idea to protect yourself as much as possible from exploits like this, it’s currently unclear how many hackers are actually working to take advantage of the flaw — and we’re betting the number is pretty low.

Editors' Recommendations