There is a fix, but not available to everyone.
The German company ERNW, specializing in security, spoke about the discovered critical Bluetooth vulnerability in the Android operating system. The vulnerability is called BlueFrag.
If Bluetooth is enabled on the gadget, the vulnerability allows attackers to remotely run arbitrary commands on devices with Android 8 Oreo or Android 9 Pie installed. This will not require any action on the part of the user, all that an attacker needs is the well-known Bluetooth MAC address of the device. This address can be calculated for some devices using the Wi-Fi MAC address.
As a result, an attacker can easily deliver malicious code to nearby smartphones and steal data. Users will not notice such an invasion.
On Android 10, the BlueFrag vulnerability no longer works. On versions of Android older than 8 Oreo, it may also be present, but ERNW experts did not check.
You can protect yourself by installing the February Android security update. It is now becoming available even for devices that have not yet received Android 10. In addition, to use BlueFrag, an attacker must be nearby and Bluetooth on the device must be turned on.