
An Android 8.0-9.0 Bluetooth Zero-Click RCE - faebi
https://insinuator.net/2020/04/cve-2020-0022-an-android-8-0-9-0-bluetooth-zero-click-rce-bluefrag/
======
NotSammyHagar
I really hate this software world where my phone stack is generally hidden
away from my ability to fix it or change it. It's true for both apple and
android generally, even if I can see some pieces of android in the public
sources it's basically impossible to change out a lot of the inner stack. I
know there are endless attempts to let us have control over our phones. But we
programmers are never the customers. And the vendors never open source their
drivers. The various open software/hardware schemes never seem to reach
maturity. Is there any hope here?

~~~
the_pwner224
The two big projects working on this are the Purism Librem 5 and the
PinePhone, both run stock Linux with no binary blobs aside from an isolated
cellular modem.

The Librem 5 has been delayed for years and the behaviour of the company is
kind of sketchy, however going by Purism's videos the software is pretty good
and getting better rapidly (and they upstream their changes back to Gnome).

The PinePhone has shipped to some developers and the company has a history of
actually making functional products, but the software is still a WIP, and
Pine64's products are cheap (which is great for many people, but I would
rather have a $400 phone than a <$150 phone, especially given that these ones
won't suffer from software obsolescence).

I can't wait for these things to become at least somewhat functional - I
personally will be buying one as soon as they get phone calling, SMS, and a
web browser (the Librem has them, and other Gnome applications, but it's still
in preorder).

Pinephone:
[https://www.pine64.org/pinephone/](https://www.pine64.org/pinephone/)

\-
[https://news.ycombinator.com/item?id=21824962](https://news.ycombinator.com/item?id=21824962)

Librem 5:
[https://puri.sm/products/librem-5/](https://puri.sm/products/librem-5/)

\-
[https://news.ycombinator.com/item?id=21369733](https://news.ycombinator.com/item?id=21369733)

\-
[https://news.ycombinator.com/item?id=21303770](https://news.ycombinator.com/item?id=21303770)

\- [https://puri.sm/posts/librem-5-vs-android-which-boots-faster...](https://puri.sm/posts/librem-5-vs-android-which-boots-faster/)
(stupid comparison vs a 6 year old Android phone - how out of touch is their
marketing team and CEO to allow this to happen???)

~~~
benbristow
These things look fun but if they don't get the app support they'll just go
the same way that Firefox OS, Ubuntu Mobile and Windows Phone did.

Unfortunately other than the hacker niche that's on this forum you won't get
the average consumer using these devices/OSes and therefore you won't get the
apps that attract people to use the devices in the first place.

~~~
twicetwice
This is why I want Firefox to prioritize Progressive Web App support, and for
PWAs to become more popular. Then an open device that can run Firefox can have
access to a variety of apps that will work just the same as they would on an
Android device. I understand there are drawbacks compared to native, but I
really think they're worthwhile tradeoffs to enable new platforms to be
immediately compatible with an existing set of cross-platform apps!

~~~
pjmlp
Except it is Google and Microsoft that are driving the show in regards to PWAs
and their OS integration.

------
morsch
Fixed in
[https://android.googlesource.com/platform/system/bt/+/3cb714...](https://android.googlesource.com/platform/system/bt/+/3cb7149d8fed2d7d77ceaa95bf845224c4db3baf)
of
[https://source.android.com/security/bulletin/2020-02-01](https://source.android.com/security/bulletin/2020-02-01):

    
    
      -        packet->len = partial_packet->len - partial_packet->offset;
      +        packet->len =
      +            (partial_packet->len - partial_packet->offset) + packet->offset;
    
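Review bot: the fixed line relies on partial_packet->len >= partial_packet->offset and, if these fields are narrow integers, on the sum not wrapping, and neither is checked in the hunk; if the caller guarantees both, a comment saying so is enough, otherwise guard the arithmetic before assigning packet->len. A one-line comment on why packet->offset is added back (packet->len is evidently consumed relative to packet->offset) would also stop the next reader from "simplifying" it back to the old form.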

I wonder how many devices are running that patch level.
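To make the one-line fix above concrete, here is a simplified C model of the truncation step, written for this thread; it is not code from the blog post, the page, or the Android Bluetooth stack. It assumes a 4-byte fragment header, that `packet->offset` points just past that header, and that whoever consumes `packet->len` afterwards subtracts `packet->offset` from it (the fix adding `packet->offset` back implies this convention). The struct and function names are chosen to mirror the diff and are not the real ones.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not the Android code.  Models reassembly of ACL fragments:
 * a fragment carries a small header, packet->offset points past it, so the
 * payload a consumer copies is packet->len - packet->offset.  The bug is a
 * length stored payload-only (old '-' line) but consumed header-relative. */

#define HDR_SIZE 4  /* assumed header length; the real preamble size is not on the page */

typedef struct {
  uint16_t len;     /* fragment: bytes in data[]; partial: expected total length */
  uint16_t offset;  /* fragment: start of payload; partial: bytes reassembled so far */
  uint8_t  data[64];
} packet_t;

/* Length assigned when a fragment would overrun the expected total.
 * fixed == 0: the old expression from the '-' line (payload-only).
 * fixed != 0: the '+' lines, adding packet->offset back. */
static uint16_t truncated_len(const packet_t *partial, const packet_t *packet, int fixed) {
  uint16_t remaining = (uint16_t)(partial->len - partial->offset);
  return fixed ? (uint16_t)(remaining + packet->offset) : remaining;
}

/* What a header-relative consumer computes; wraps to a huge size_t if
 * len < offset, which is exactly the case the old formula can produce. */
static size_t copy_len(uint16_t len, uint16_t offset) {
  return (size_t)len - (size_t)offset;
}

/* Append one fragment.  Returns 1 if the copy stays inside the partial packet,
 * 0 if the computed copy length would overrun it (the copy is then skipped). */
static int append_fragment(packet_t *partial, packet_t *packet, int fixed) {
  if (partial->offset + (packet->len - packet->offset) > partial->len)
    packet->len = truncated_len(partial, packet, fixed);
  size_t n = copy_len(packet->len, packet->offset);
  if (n > (size_t)(partial->len - partial->offset)) return 0;
  memcpy(partial->data + partial->offset, packet->data + packet->offset, n);
  partial->offset += (uint16_t)n;
  return 1;
}

/* One scenario: a partial packet expecting expected_total bytes that already
 * holds `have`, then a fragment with frag_payload bytes after the header.
 * Returns the number of payload bytes appended, or -1 on a would-be overrun. */
long run_scenario(uint16_t expected_total, uint16_t have, uint16_t frag_payload, int fixed) {
  packet_t partial = { .len = expected_total, .offset = have };
  packet_t frag = { .len = (uint16_t)(HDR_SIZE + frag_payload), .offset = HDR_SIZE };
  memset(frag.data, 0x41, sizeof frag.data);  /* constructed filler payload */
  uint16_t before = partial.offset;
  if (!append_fragment(&partial, &frag, fixed)) return -1;
  return (long)(partial.offset - before);
}

int main(void) {
  /* Remaining space (6) >= header: old formula silently copies 4 bytes too few. */
  printf("remaining 6, old: %ld  fixed: %ld\n",
         run_scenario(10, 4, 8, 0), run_scenario(10, 4, 8, 1));
  /* Remaining space (2) < header: old formula yields len < offset, so the
   * consumer's len - offset wraps and the copy would run off the buffer. */
  printf("remaining 2, old: %ld  fixed: %ld\n",
         run_scenario(10, 8, 6, 0), run_scenario(10, 8, 6, 1));
  return 0;
}
```

The second scenario is the one a fuzzer or a peer sending oversized fragments would hit: with the old expression the fragment's length ends up smaller than its own header offset, and any header-relative subtraction downstream wraps. The fix keeps both fields in the same convention, so the remaining-space check and the copy length agree.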

~~~
kuschku
My Google Pixel 1 isn’t running this patch level, because Google dropped
support for it entirely. Which just sucks, because there’s no reason not to
support it anymore, it’s just planned obsolescence.

~~~
Paianni
The Pixel 1's kernel and drivers are no longer maintained upstream.

~~~
fulafel
Do you mean there's a Linux tree upstream of Google but downstream from Linus
who have stopped work outside of Google control?

~~~
DCKing
Yes, sort of. Google depends on Qualcomm to make updated drivers, as Qualcomm
owns the intellectual property. All Pixel phones are based on a Qualcomm
platform.

Qualcomm stops supporting their processors after a few years, usually three.
They can make more money by selling new chips. Although I say this cynically,
Qualcomm is actually the best third party vendor in this regard.

~~~
fulafel
They must have the source code for any chipset vendor kernel drivers due to
the GPL so they could keep producing security patches, or require them
contractually. Some other Linux vendors keep supporting old kernel versions
for 10+ years after all.

~~~
DCKing
Linux kernel drivers don't have to be GPL though. There exist plenty of closed
source drivers for GNU/Linux. The "kernel" on Android devices is a small open
source kernel and a huge amount of closed source blobs for wireless
connectivity, sensors and the GPU.

~~~
fulafel
That legal interpretation has been contested a lot. In any case that wouldn't
be a blocker for providing security patches to the kernel, just like other LTS
Linux distributions do.

------
baybal2
I do remember an "SMS storm" for the Sony Ericsson A200 from 15 years ago.

You get a garbled binary SMS, and then the virus resends itself to every
number in your phonebook.

~~~
technoplato
What was the end goal of the virus?

~~~
kalleboo
Before monetization through bitcoin was easy, viruses were usually made and
released just because you could. To experiment and see how far it could
spread. And maybe just to wreak havoc and troll people.

[https://techgaming.pk/2015/09/07/the-most-dangerous-mac-viru...](https://techgaming.pk/2015/09/07/the-most-dangerous-mac-viruses/)

> This virus first appeared in 1988 on earlier versions of Mac OS. Initially,
> the program displayed a message about Michael Dukakis (Democratic
> presidential candidate):

> I was created by mischievous 14 year old, and am completely harmless.
> Dukakis for president in ’88.

~~~
technoplato
That’s awesome, thanks for sharing.

I assume via BTC or any crypto, it's just a matter of running a "miniminer" of
some sort across all affected machines?

------
xkapastel
So uh, as someone stuck on Android 8 forever, what am I supposed to do? Just
get a new phone?

~~~
robocat
Disable Bluetooth. Use a cabled connection if you need headphones/mic.

If you need Bluetooth then check whether your phone has the same Broadcom
driver - you might be fine depending on hardware. Or check if you can install
open source firmware that includes a fixed driver.

There are other things you can do depending on device.

~~~
numpad0
How would one disable Bluetooth?

~~~
samoa42
Apple makes it kind of hard: three taps vs. Android's one swipe and one tap. Or
are you implying it cannot be disabled because it is needed?

~~~
danieldk
I am not sure how that is relevant, since this is about a current _Android_
vulnerability.

But it's less of a problem in iOS anyway, because Apple provides updates for
iPhones much longer. They are still releasing security updates for the iPhone
5s and 6, which are from 2013 and 2014 respectively.

[https://en.wikipedia.org/wiki/IOS_12#12.4.6](https://en.wikipedia.org/wiki/IOS_12#12.4.6)

------
pjmlp
Yet another typical C exploit.

No wonder that Android 11 will require hardware memory tagging and is now
introducing GWP-ASan for the devices without it.

------
iszomer
Seems like every time there's a new mobile RCE they compel us to buy new
phones. And for the average person who doesn't, they'll compound the problem
with system-level contact tracing.

I give up on technology.

~~~
jokowueu
Just give up on smartphones. iPhones, on the other hand, will get updates for
about 5 years, which is decent.

~~~
pjmlp
A security-crazy person also cannot make use of feature phones, as they are
already smart enough with networking capabilities.

So it is back to rotary phones and public booth.

