Hello, welcome to the Friday, February 7th, 2020 edition of the Sansand-Stormsanders Stormcast.

My name is Johannes Ulrich.

I'm recording from Jacksonville, Florida.

Yesterday, I talked about the Android updates, in particular CVE 2020, CIRSR 22.

This was the vulnerability that was critical on Android 8 and 9,

not on Android 10. I noted that Google's advisory was a little bit vague, that it really just

talked about data transmissions that could trigger this vulnerability. Didn't really specify a lot

what kind of data transmissions could be used. Now, we have a little bit more detail now from

the incinerator blog and it talks that, well, the vector here is Bluetooth.

Not enough details here in this blog to really tell us what the vulnerability is all about.

So they'll probably take reverse engineering some of the patches.

But they do state that on Android 8 and 9, an remote attacker could trigger this vulnerability, could execute arbitrary code without any user interaction as long as, first of all, Bluetooth is enabled,

and the attacker knows the Mac address of the Bluetooth device.

The easiest way, of course, to protect yourself is just to turn off Bluetooth, but Bluetooth

has become sort of one of those very critical features in many mobile devices with

headphones and such, of course, requiring that you are using it.

It helps a bit if your device is not discoverable and most devices are not discoverable

by default unless you're sort of within the Bluetooth scanning menu. Now this helps with keeping the

Mac more ahead but as the blog post points out on some phones well the Bluetooth

Mac is related to the Wi-Fi Mac so once you know the Wi-Fi Mac which of

course is more difficult to hide you may be able to then guess the Bluetooth Mac.

If you are creative professional if you like to draw with your computer you may be able to then guess the Bluetooth map.

...