Anyone with an older Android device running Android 8 or 9 should be careful when using Bluetooth. An error was detected by Internet security company ERNW, which allows anyone within the range of a Bluetooth-enabled Android device to gain access to the device’s storage.
The hacker needs to know some more details about the device — especially its Bluetooth MAC address — that they can fully access the internal storage remotely, but as ENRW’s error report explains, it is relatively easy to find. Once they log in, the attacker can easily remove personal files and install malware or other spyware on the device without alerting the phone’s user.
February 2020 Android Security Patch is the solution to this bug, so please download and install it if you get the patch through the standard Android system update process.
ENRW’s bug report states that Android versions older than 8.0 may also be affected by Bluetooth, but those versions have not been tested. There is a bug in Android 10, but it can not be used, so there is no risk (Android 10 users still need to install the security update, because it includes other fixes).
If you are unable to install the February 2020 security update because your Android is too old, the next best solution is to stop using Bluetooth. It also disables your ability to use Bluetooth accessories, making it impossible for hackers to exploit against you. (Hope you still have a 3.5mm headphone jack on your device.)
Otherwise, disable Bluetooth detection on your device — if possible — or make up your mind to flick Bluetooth via the status bar, or specify what you see when you swipe up and down your screen when you are not using it.
