ERNW stated that BlueFrag attackers are able to access phones via Bluetooth MAC addresses which can be easily obtained by scanning unsecured public WiFi networks that the phones are connected to. The attack is done silently behind the scenes and users will be totally unaware of it happening.
As mentioned earlier, the vulnerability is only present on older Android phones due to the lack of support to their outdated OS, although an upcoming February 2020 security patch could prevent this on Android 9 Pie devices. Android 10 users need not worry regarding this, as their devices are currently up-to-date in terms of security. With that said, it’s likely that most Android Pie phones have yet to receive their updates as manufacturers are prioritising more on their current devices. It’s best advised that users should constantly check for the new security patch if they’re running on Android 9, as well as be extremely wary of using unsecured public WiFi spots. (Source: ERNW via Engadget.)