Researchers and independent IT Security service provider ERNW have discovered a vulnerability named BlueFrag that lets attackers silently deliver malware to and steal data from nearby smartphones running Android 8 Oreo or Android 9 Pie operating system (OS).
The vulnerability BlueFrag does not work with Android 10 OS. It's possible that versions before Android 8 are affected, but the team hadn't "evaluated the impact" on older releases.
The intruder only needs to know the Bluetooth MAC address of the target, and that's sometimes easy to guess just by looking at the WiFi MAC address. You won't even know the attack is happening, ERNW said, Engadget reported on Monday.
According to the researchers, users can protect themselves by installing the February 2020 security patch and the Bluetooth nature of the flaw means that the users have to be relatively close to an attacker.
This will mainly be a concern in public spaces where there's an abundance of targets, the report added.
It also means devices still on Android 9 Pie or below, probably still don't have much to worry about -- finding the Bluetooth MAC address isn't always a simple task.