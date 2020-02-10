A critical security flaw in Android allows attackers to send malicious files to your smartphone via Bluetooth.

The vulnerability was discovered by security researchers at ERNW in November 2019. Researchers said it could be used by malicious actors to steal personal information or spread malware.

“Under Android 8.0 to 9.0, a remote attacker could run arbitrarily nearby code with the rights of the Bluetooth daemon, as long as Bluetooth is activated,” said ERNW.

The researchers said that no action on the part of the user is required – attackers only need to know the Bluetooth MAC address of the target device.

“For some devices, the Bluetooth MAC address can be derived from the WiFi MAC address,” added ERNW.

Update now

The researchers strongly recommended that users of the affected operating systems install the latest Android security patch for February 2020 that fixes the problem.

In the event that an update is not yet available for your device, ERNW has recommended the following:

Only activate Bluetooth if this is absolutely necessary.

Don’t let your device be found. Most are only visible when you access the Bluetooth scan menu. However, some older cell phones may be permanently recognizable.

To check for and download the latest updates for your Android device, navigate to Settings on your phone and go to the “Software Update” or “About Phone” menus.

For more instructions, visit the Support page for Android help,

