Dear Android users: there is a serious flaw that allows anyone within Bluetooth range (e.g., in a subway car, on a busy street, in a parking lot, etc.) to wirelessly hack into your device without your knowledge. [A security advisory posted yesterday (February 6) by Jan Ruge of the Technical University of Darmstadt, Germany, who discovered the flaw, states, "No user interaction is required. The vulnerability could lead to identity theft and could be used to spread malware (Short-Distance Worm)."

There are two exceptions. The latest version, Android 10, is largely unaffected by this flaw. The attack simply crashes Bluetooth. Thus, if your phone is running Android 10, you should be fine.

Also, owners of Google Pixel and Android One phones running Android 9 Pie or Android 8/8.1 Oreo can install the patch that came with the February Android security update earlier this week They can do so. (However, everyone else running Android 8 or 9, the most widely used versions of Android, will have to wait for their phone manufacturer to test and release the February security update.

If your phone cannot be updated to Android 8, 9, or 10, then you probably will not receive the patch. Also, the details of how this attack works are not yet known, so even the best Android antivirus apps may or may not be able to protect you.

In that case, Rouge has some advice.

One is, "Enable Bluetooth only when strictly necessary. Remember that most Bluetooth-enabled headphones also support wired analog audio.

The second is, "Make sure the device is undetectable. In most cases, you will have to go into the Bluetooth scan menu to detect it. Nevertheless, some older phones may be permanently detectable.

An attacker must know the device's Bluetooth MAC address, or network interface identifier; Bluetooth devices usually only broadcast their MAC address when they want other devices to find them, but this can be turned off This can be turned off.

Go into the Android device's settings, find the wireless or Bluetooth settings, and disable "discoverable" if possible. You can link to already paired Bluetooth devices, but not to new Bluetooth devices.

Before everyone panics, I should mention that this flaw has not yet been exploited.

However, they are definitely trying to reverse engineer this month's Android patch to find out what was fixed and how to exploit it.