Android Bluetooth Critical RCE Flaw

Researchers from a German security firm recently found a vulnerability in Android's Bluetooth implementation. Fixes are available via the Android February 2020 Security Bulletin. The bug is identified as CVE-2020-002; when exploited, it can result in remote code execution with elevated privileges, without any user interaction.

The bug is in the Bluetooth daemon and is exposed when the Bluetooth module is active. Because of Bluetooth's connection range, the flaw can spread malware like a worm over short distances.

The affected versions of Android account for up to two-thirds of Android devices, provided that Bluetooth is enabled. The affected versions are Android Pie (9.0) and Android Oreo (8.0, 8.1). The vulnerability can be exploited without the user's knowledge only from within Bluetooth proximity. The only reconnaissance necessary to conduct the attack is to obtain the Bluetooth MAC address of the target device.

The same vulnerability is found in Android 10.0; however, there the CVE is rated ‘moderate’ because it does not trigger an RCE but does trigger a denial of service (DoS). Versions older than 8.0 could potentially be vulnerable, although researchers have not tested the impact.