Dear Android users: there is a serious flaw that allows anyone within Bluetooth range (e.g., in a subway car, on a busy street, in a parking lot, etc.) to wirelessly hack into your device without your knowledge. A security advisory posted yesterday (February 6) by Jan Ruge of the Technical University of Darmstadt, Germany, who discovered the flaw, states, "No user interaction is required. The vulnerability could lead to identity theft and could be used to spread malware (Short-Distance Worm)."
There are two exceptions. The latest version, Android 10, is largely unaffected by this flaw: there, the attack simply crashes Bluetooth. Thus, if your phone is running Android 10, you should be fine.
Also, owners of Google Pixel and Android One phones running Android 9 Pie or Android 8/8.1 Oreo can install the patch that came with the February Android security update earlier this week. They can do so. However, everyone else running Android 8 or 9, the most widely used versions of Android, will have to wait for their phone manufacturer to test and release the February security update.
If your phone cannot be updated to Android 8, 9, or 10, then you probably will not receive the patch. Also, the details of how this attack works are not yet known, so even the best Android antivirus apps may or may not be able to protect you.
In that case, Ruge has some advice.
One is, "Enable Bluetooth only when strictly necessary. Remember that most Bluetooth-enabled headphones also support wired analog audio."
The second is, "Make sure the device is undetectable. In most cases, you will have to go into the Bluetooth scan menu to detect it. Nevertheless, some older phones may be permanently detectable."
An attacker must know the device's Bluetooth MAC address, or network interface identifier. Bluetooth devices usually only broadcast their MAC address when they want other devices to find them, but this can be turned off.
Go into the Android device's settings, find the wireless or Bluetooth settings, and disable "discoverable" if possible. You will still be able to connect to already paired Bluetooth devices, but not to new ones.
Before everyone panics, I should mention that this flaw has not yet been exploited.
However, they are definitely trying to reverse engineer this month's Android patch to find out what was fixed and how to exploit it.