Categories
Security Updates

Android Bluetooth Vulnerability

Weekly Tech News from Helpful Dave!

Hello, once again its time for Weekly Tech News from Helpful Dave!

This week I’ll be picking on your cellphone again, but only for Android users. So if you have an iPhone feel free to breathe a sigh of relief because you are safe!

Our Tech Terms for this week are:

Bluetooth: If you don’t already know Bluetooth is a means of wirelessly connecting two devices. The most common uses are when you connect your phone to your car, headphones, or headset. Bluetooth also allows you to share files between devices as well, which is how your car can see who is calling when the contact is on your phone.

Bluetooth Pairing: This is how two devices agree to communicate with each other. Lets use a small example on what it would look like to pair a phone to a car’s entertainment system.

1. Go to your car and find the Bluetooth settings

2. Tell your car you want to add a new phone

3. Go to your phone and then open your Bluetooth settings

4. Tell your phone you want to add a new device

5. Find your car from the list of available devices and select it

6. You are normally asked to enter a PIN Code that is displayed on the screen in your car to confirm

7. Your phone will ask you if you also want to share contacts with your car

8. Once accepted your phone is now permanently paired to that car until you unpair it or the settings are reset on the car’s entertainment system

Now onto the news

This exploit actually bypasses the Bluetooth pairing process completely. All that needs to happen is a hacker needs to be within close proximity to your cellphone and they can possibly execute code remotely. You will not be asked to pair your phone, you will not receive any notification, it will just happen!

Once the hacker has control over your Bluetooth they can perform any actions that Bluetooth is allowed to perform. This includes possibly steal your data, files, and even spread malware to other devices your phone is connected to!

To make problems worse not all phones will receive updates to fix this issue The reason being is manufacturers generally only provide security updates for your phone for three years from when the phone was first released. So if your phone is three years old or more you probably will not receive this update.

How do I know if my phone is vulnerable?

Your phone is vulnerable if you are running the following Android Versions and do not have the February Security Update from Google.

Android 8 also known as Android Oreo

Android 9 also known as Android Pie

Android 10 – the vulnerability is not as bad but you should still update your firmware.

If you are running a version older than 8 its possible you will be affected as well. The researchers have not done any research into that area since those phones are much older.

How to tell if you have the latest Android Security Patch?

The steps are different for some phones. In general you want to do the following steps:

1. Go into your Settings app

2. Go into System, then Advanced, then System Update

3. You’ll be able to see your Android Version and Security Patch in here

If February 2020 or later you are safe!

How can you keep yourself safe?
Here are Helpful Dave’s Tips!

DO: Always apply Security Updates when they are presented to you from your carrier or the Google Play store.

DON’T: Keep using Android Phones older than 3 years without checking your security version.

Please feel free to let us know if you have any questions or comments or want more information.

Thanks and have a good week!

-Helpful Dave