Warning from security firm: some Android users should not use any Bluetooth accessories

If you own an Android phone and use a Bluetooth accessory (like the wireless Samsung Galaxy Buds or the Google Pixel Buds), you might want to think twice about enabling Bluetooth on your handset. A vulnerability discovered in the Android Bluetooth subsystem by security firm ERNW allows anyone within Bluetooth range of your device to hack it without your knowledge.

You can be pushing a shopping cart at Walmart, walking in Times Square or enjoying the haute cuisine at Micky D's while your Android handset is being attacked by a stranger. This is a serious problem because once the hacker is able to rummage through your phone, personal data can be taken and/or malware introduced to the device.

Now there is some good news: the vulnerability doesn't affect those with Android 10, and the February security update patches it. But Android's fragmentation issue means that even at this late date, there is a good chance that your Android phone is still running Android 8 Oreo or Android 9 Pie. Those are the two Android versions affected by this issue; on an Android 10 device, Bluetooth will simply crash if hacked. And you might not be able to count on the February security update, since many Android phones won't receive it for months.

The scary thing about this vulnerability is that no user interaction is required for the hacker to gain entry to your phone. If you can't update to Android 10 or install the February Android security update, ERNW says that there are some things you can do. First, the security firm suggests that if your handset is at risk, you enable Bluetooth only if you absolutely, positively must have it on. You should also keep your device non-discoverable by not opening the Bluetooth scanning menu. But the security firm notes that "some older phones might be discoverable permanently."

Don't take this warning lightly. Unless your phone is running Android 10 or has the February security update installed, you might want to think twice about using those wireless Bluetooth earbuds if you're in an area where others are in close proximity to you.
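
If you look after more than one handset, the check described above can be scripted. The following is an added example, not code from ERNW or from this article: it reads the output of `adb shell getprop` and sorts a device into the article's three cases. The `FIXED_LEVEL` default assumes the February update carries patch level 2020-02-01 (the article gives no year), and the function names and sample device are made up for illustration.

```shell
#!/bin/sh
# Assumption: patch level of the "February security update" the article
# mentions. The article does not state the year; adjust for your bulletin.
FIXED_LEVEL="${FIXED_LEVEL:-2020-02-01}"

# Print the value of one property from getprop's "[key]: [value]" lines.
prop() {
  tr -d '\r' | awk -v k="[$1]:" \
    '$1 == k { sub(/^[^ ]+ \[/, ""); sub(/\]$/, ""); print; exit }'
}

# classify <android release> <security patch level>
classify() {
  major="${1%%.*}"                      # "8.1.0" -> "8"
  case "$2" in
    [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9])
      # YYYY-MM-DD with the dashes removed compares as a plain integer.
      if [ "$(echo "$2" | tr -d '-')" -ge "$(echo "$FIXED_LEVEL" | tr -d '-')" ]; then
        echo "patched"; return 0
      fi ;;
  esac
  case "$major" in
    8|9) echo "at-risk" ;;      # affected versions per the article
    10)  echo "crash-only" ;;   # Bluetooth crashes, per the article
    *)   echo "unknown" ;;      # versions the article does not cover
  esac
}

# Read a full getprop dump on stdin and print a one-line verdict.
triage() {
  dump="$(cat)"
  rel="$(printf '%s\n' "$dump" | prop ro.build.version.release)"
  pat="$(printf '%s\n' "$dump" | prop ro.build.version.security_patch)"
  model="$(printf '%s\n' "$dump" | prop ro.product.model)"
  echo "${model:-?} android=${rel:-?} patch=${pat:-?} -> $(classify "$rel" "$pat")"
}

# Constructed sample dump, not captured from a real device.
sample_dump() {
  cat <<'EOF'
[ro.build.version.release]: [9]
[ro.build.version.security_patch]: [2020-01-05]
[ro.product.model]: [Example Phone]
EOF
}

sample_dump | triage
# With a device attached over USB debugging: adb shell getprop | triage
```

A device reported as at-risk is one where the advice above applies: Bluetooth on only when needed, and the scanning menu kept closed.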


27 Comments

30. libra89

Posts: 2359; Member since: Apr 15, 2016

Wow. Glad that I got the February patch already. Also glad that the family members that have phones with older software versions don't use Bluetooth at all.

23. Alter

Posts: 241; Member since: Mar 25, 2016

WTF I'm using my Samsung Galaxy Buds right now. I use them almost all day including when I'm at Walmart. Should I really stop using these headphones because of this warning? I guess it won't matter when I update to Android 10. I received it today on my AT&T Note 9.

22. mixedfish

Posts: 1579; Member since: Nov 17, 2013

Lmao this sounds like the bull crap like the Logitech wireless hack......and so how many victims were there considering the millions of customers? zero

15. magnaroader

Posts: 83; Member since: Feb 25, 2016

And what are the chances that a hacker is just standing around in a Walmart waiting for some bloke with his 2018 specced phone with Android 8 with his Bluetooth just randomly on scanning mode to pop up?

19. tbreezy

Posts: 287; Member since: Aug 11, 2019

Lol, you seem to forget the fact that there are 2019 Android flagships that are still stuck in Android 9 and January Security Patches, LOL! Some of these flagships are near $1000, let’s not forget the fact that not all of them will get Android 10 or the Feb patch at the same time. What % of Androids are even on Android 10 with Feb patch? Like 0.5% maybe? LOL! What does Walmart have to do with this either? You clearly did not think your response through, if the hacker is serious they will probably hang around places like Airports, Train stations, buses, office parks etc... places where they know their victims are bound to be stationary for long periods of time and probably using Bluetooth accessories like BT headphones, smart watches/bands etc....

26. AlienKiss

Posts: 364; Member since: May 21, 2019

Pretty high chance if you ask me. Usually they'll connect to a public wifi with a laptop or a rooted last generation android smartphone and use a USB network card to scan for victims in monitor mode (sniffing for web activity in the air). If you want I'll even give you the names of the programs used :D After that it's just a matter of time and effort, usually followed by brute-force attacks. Think twice about using public wifi and STOP thinking nobody has their eyes on you. It's just a matter of time.. Some people do this for fun, others to test their skills, others to get your money and data. Don't take it personal, people sell private data on the dark web in bulk.

29. tbreezy

Posts: 287; Member since: Aug 11, 2019

Notice how the usual crowd of Android Fanboys is completely quiet here, they are out of words and have no way to make this sound less than what it is, LOL. magnaroader really tried but this is one of many they simply cannot make small, this is a huge problem

9. cevon3239

Posts: 259; Member since: Jan 01, 2020

Samsung represents Android now? Since Android belongs to Google, then why not use a Pixel for the photo.

10. Orion78

Posts: 241; Member since: Mar 27, 2014

Go cry some more. Lol

12. danny_a2005

Posts: 386; Member since: Oct 06, 2011

Because no Google phone is affected. All of us have our security updates.

18. dave23

Posts: 4; Member since: Jul 08, 2019

It's all Android phones danny lol.

27. danny_a2005

Posts: 386; Member since: Oct 06, 2011

By Google phone I mean the pixel line. All of them have the February security update like the article mentioned.

28. dave23

Posts: 4; Member since: Jul 08, 2019

Lol it's still affected. Just because it crashes doesn't mean it's not affected

31. danny_a2005

Posts: 386; Member since: Oct 06, 2011

The article: the vulnerability doesn't affect those with Android 10 and the February security update patches the vulnerability

32. dave23

Posts: 4; Member since: Jul 08, 2019

It says it's still affected. It will just crash if hacked

6. MrMalignance

Posts: 371; Member since: Feb 17, 2013

My favorite part in this whole article was "enjoying the haute cuisine at Micky D's". That made my day

5. miag5

Posts: 14; Member since: Nov 21, 2019

Long live the headphone jack!

7. lyndon420

Posts: 6957; Member since: Jul 11, 2012

Exactly right.

17. AlienKiss

Posts: 364; Member since: May 21, 2019

It would seem that Sony is bringing back the 3.5mm jack to their next flagship. If it turns out to be true, I'm jumping boats back to them!

3. djcody

Posts: 251; Member since: Apr 17, 2013

I hope that hackers keep following me at close range, around 25 feet, and they need to move quickly, I'm a fast walker :).

20. tbreezy

Posts: 287; Member since: Aug 11, 2019

Lol, or it can be someone in your office/campus/apartment building, someone unsuspecting, that’s what hackers usually are, you cannot point a hacker out in a crowd, it could be a guy in your IT department who is just bored. ;)

2. kennybenny

Posts: 233; Member since: Apr 10, 2017

Thank goodness I bought a Google Pixel 3a!

13. danny_a2005

Posts: 386; Member since: Oct 06, 2011

You wouldn't be affected anyway babe

1. Skizzo

Posts: 462; Member since: Jul 14, 2013

Good thing we can all just rely on the 3.5mm audio jack for our mobile music needs............

4. CDexterWard

Posts: 152; Member since: Feb 05, 2018

Increasingly less, sadly. Too many OEMs are jumping on the “courage” wagon

8. TBomb

Posts: 1792; Member since: Dec 28, 2012

"Courage" wagon.... should be the "what-a-joke" wagon

24. kanagadeepan

Posts: 1292; Member since: Jan 24, 2012

It's actually "GREED" wagon, in disguise of COURAGE.
