Written by Shubham Sharma
The reason? There is a security flaw that a group of researchers says can be exploited via Bluetooth to silently hack smartphones.
Here's all you need to know about the bug in question and its impact.
As first reported by the researchers at IT security firm ERNW, smartphones running Android 8.0 and 9.0 carry a security flaw that enables remote code execution over Bluetooth.
The group declined to share specific details but claimed that a threat actor can use this bug, dubbed BlueFrag, to infect your phone (if nearby) with malware and then use it to steal your data, such as photos and videos.
According to the researchers, on Android 8.0 to 9.0, a remote attacker within proximity can silently execute arbitrary code with the privileges of the Bluetooth daemon as long as Bluetooth is enabled.
The research team claimed that BlueFrag compromises the phone without any sign, so you won't know when the attack is happening, and the hacker doesn't even have to interact with it.
They just have to be near the target device and know its Bluetooth MAC address, which can be deduced from the Wi-Fi MAC address (although determining it is not easy).
Apart from Oreo and Pie, older versions of Android may also be vulnerable.
However, that still needs to be confirmed, as the researchers claim they only evaluated the latest iterations of Android and not the older ones.
They also emphasized that Android 10 remains completely unaffected by the issue; trying this attack on Android 10 simply crashes its Bluetooth stack.
The fix for this issue comes with the February 2020 security update.
This means you'd either have to update to Android 10 or install the latest security patch to protect your phone.
If the update is not available, you don't have to rush to buy a new phone, as there are no reports of active exploits yet.