A new vulnerability named BlueFrag has reportedly been discovered by IT security service provider ERNW. According to reports, it lets attackers silently deliver malware to and steal data from nearby smartphones running Android 8 Oreo or Android 9 Pie operating system (OS).
However, it does not work with Android 10 OS. It's possible that versions before Android 8 are affected, but the team hadn't ‘evaluated the impact’ on older releases.
According to the researchers, users can protect themselves by installing the February 2020 security patch and the Bluetooth nature of the flaw means that the users have to be relatively close to an attacker. Reports suggest that the intruder only needs to know the Bluetooth MAC address of the target, and that's sometimes easy to guess just by looking at the WiFi MAC address. You won't even know the attack is happening, ERNW reportedly said in a statement.
This will mainly be a concern in public spaces where there's an abundance of targets, the report added.
*Edited from an IANS report.