Adafruit is open and shipping! Let's build back better, together!
0

An Android 8.0-9.0 Bluetooth Zero-Click vulnerability #Security #Bluetooth @insinuator

One feature that is available on most classic Bluetooth implementations is answering via Bluetooth pings. Everything an attacker needs to know is the device’s Bluetooth address. Even if the target is not discoverable, it typically accepts connections if it gets addressed. ERNW Insinuator discusses vulnerability CVE-2020-0022 which is an Android 8.0-9.0 Bluetooth Zero-Click remote code execution (RCE) – also called BlueFrag.

In the following, we describe a Bluetooth zero-click short-distance RCE exploit against Android 9, which got assigned CVE-2020-0022 . We go through all steps required to establish a remote shell on a Samsung Galaxy S10e, which was working on an up-to-date Android 9 when reporting the issue on November 3 2019. The initial flaw used for this exploit is still present in Android 10, but we utilize an additional bug in Bionic (Android’s libc implementation), which makes exploitation way easier. The bug was finally fixed in the security patch from 1.2.2020 in A-143894715.

A demonstration video is above. See more in the article here.


Stop breadboarding and soldering – start making immediately! Adafruit’s Circuit Playground is jam-packed with LEDs, sensors, buttons, alligator clip pads and more. Build projects with Circuit Playground in a few minutes with the drag-and-drop MakeCode programming site, learn computer science using the CS Discoveries class on code.org, jump into CircuitPython to learn Python and hardware together, TinyGO, or even use the Arduino IDE. Circuit Playground Express is the newest and best Circuit Playground board, with support for CircuitPython, MakeCode, and Arduino. It has a powerful processor, 10 NeoPixels, mini speaker, InfraRed receive and transmit, two buttons, a switch, 14 alligator clip pads, and lots of sensors: capacitive touch, IR proximity, temperature, light, motion and sound. A whole wide world of electronics and coding is waiting for you, and it fits in the palm of your hand.

Join 25,000+ makers on Adafruit’s Discord channels and be part of the community! http://adafru.it/discord

Have an amazing project to share? The Electronics Show and Tell is every Wednesday at 7pm ET! To join, head over to YouTube and check out the show’s live chat – we’ll post the link there.

Join us every Wednesday night at 8pm ET for Ask an Engineer!

Follow Adafruit on Instagram for top secret new products, behinds the scenes and more https://www.instagram.com/adafruit/

CircuitPython – The easiest way to program microcontrollers – CircuitPython.org


Maker Business — To make it through a tough business cycle, layoffs should be a last resort

Wearables — Pipe cleaner purposes

Electronics — Diode Test Current

Python for Microcontrollers — Python on Microcontrollers Newsletter: CircuitPython 6 released and projects galore! #Python #Adafruit #CircuitPython @micropython @ThePSF

Adafruit IoT Monthly — CO2 Cuckoo Clock, Wippersnapper, and more!

Microsoft MakeCode — Making a Smart LEGO Ferris Wheel!

EYE on NPI — Maxim’s Himalaya uSLIC Step-Down Power Module #EyeOnNPI @maximintegrated @digikey

New Products – Adafruit Industries – Makers, hackers, artists, designers and engineers! — New Products 11/25/2020 Featuring #Adafruit #SGP40 #AirQuality Sensor Breakout – VOC – STEMMA QT @adafruit #newproducts

Get the only spam-free daily newsletter about wearables, running a "maker business", electronic tips and more! Subscribe at AdafruitDaily.com !



No Comments

No comments yet.

Sorry, the comment form is closed at this time.