At least there is the mitigation that it isn't exploitable unless the device is ... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

dspillett on Feb 7, 2020 | parent | context | favorite | on: Critical Bluetooth vulnerability in Android

At least there is the mitigation that it isn't exploitable unless the device is scanning for new devices to pair with, at least by my reading of the reports I've seen.

Phones are not usually in that state unless the BT settings screen is open. Otherwise it would drain excess battery in normal use.

londons_explore on Feb 8, 2020 [–]

No - it is always exploitable, but you need to know the Mac address to pull off the exploit.

While scanning for devices, a phone reveals the Mac address. There are other ways to know the Mac address too.

Consider applying for YC's Spring batch! Applications are open till Feb 11.
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact