Owners of Android smartphones and tablets should use Bluetooth with care at the moment as a security vulnerability could allow an attacker to steal personal data or inject malware.

The vulnerability is called CVE-2020-0022 and could allow an attacker to exploit Bluetooth to execute arbitrary code on devices running Android 8 (Oreo) or 9 (Pie). Devices with Android 10 are not affected.

If your device has Android 8 or 9, you should check under settings that the latest security update has been installed. If you see the dates 2020-02-01 or 2020-02-05 for your last update, then your device is safe.

Users can't manually install security patches with Android – they have to wait until the device manufacturer sends a system update.

If you haven't got the security patch that plugs this gap, it's recommended that you only enable Bluetooth when it's strictly necessary. Most Bluetooth-enabled headphones can also be used with a cable.

The experts also recommend that you keep your device non-discoverable if possible. That means that third-party devices can't find your smartphone or tablet even when Bluetooth is turned on. – dpa