CVE-2020-27054
📋 TL;DR
This vulnerability allows local attackers to perform a factory reset on Bluetooth settings without proper permission checks. It affects Android 11 devices, potentially allowing escalation of privilege to system-level Bluetooth operations. Exploitation requires no user interaction and minimal privileges.
💻 Affected Systems
- Android
📦 What is this software?
Android by Google
⚠️ Risk & Real-World Impact
Worst Case
Attacker gains system-level Bluetooth control, could pair malicious devices, intercept communications, or disrupt Bluetooth functionality across the device.
Likely Case
Local attacker resets Bluetooth configurations, causing connectivity issues and requiring re-pairing of legitimate devices.
If Mitigated
With proper patching, the permission check prevents unauthorized factory resets, maintaining normal Bluetooth functionality.
🎯 Exploit Status
Exploitation requires local access but no special permissions. The missing permission check makes exploitation straightforward for local attackers.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Android Security Patch Level 2020-12-01 or later
Vendor Advisory: https://source.android.com/security/bulletin/pixel/2020-12-01
Restart Required: Yes
Instructions:
1. Check for system updates in Settings > System > Advanced > System update. 2. Install Android Security Patch Level 2020-12-01 or later. 3. Reboot device after installation.
🔧 Temporary Workarounds
Disable Bluetooth when not in use
androidReduces attack surface by limiting Bluetooth functionality availability
Settings > Connected devices > Connection preferences > Bluetooth > Toggle off
Restrict app permissions
androidReview and remove unnecessary Bluetooth permissions from apps
Settings > Apps & notifications > [App name] > Permissions > Remove Bluetooth permission
🧯 If You Can't Patch
- Implement strict app vetting and installation policies to prevent malicious apps
- Use Mobile Device Management (MDM) solutions to enforce security policies and monitor for suspicious Bluetooth activity
🔍 How to Verify
Check if Vulnerable:
Check Android version in Settings > About phone > Android version. If version is 11 and security patch level is earlier than 2020-12-01, device is vulnerable.Check Version:
adb shell getprop ro.build.version.release && adb shell getprop ro.build.version.security_patchVerify Fix Applied:
Verify Android Security Patch Level is 2020-12-01 or later in Settings > About phone > Android security patch level.📡 Detection & Monitoring
Log Indicators:
- Unexpected Bluetooth factory reset events in system logs
- BluetoothManagerService permission denial attempts before patch
Network Indicators:
- Sudden Bluetooth device disconnections and re-pairing requests
SIEM Query:
source="android_system" AND "BluetoothManagerService" AND "factoryReset" AND NOT permission="android.permission.BLUETOOTH_ADMIN"