A critical Bluetooth security bug that's reportedly been lurking about for several years can potentially be exploited by attackers to take control of Android, Linux, macOS, and iOS machines.
The flaw - CVE-2023-45866 - is an authentication bypass that lets attackers connect to susceptible devices and inject keystrokes to achieve code execution as the victim.
Newlin went on to write that the underlying unauthenticated pairing mechanism is defined in the Bluetooth specification, and implementation-specific bugs expose it to the attacker.
He said full vulnerability details and proof-of-concept scripts will be released at an upcoming conference, and he will update the original document with conference details when available.
Newlin's blog also contains available patch information.
Cyware Director Emily Phelps explained that in this exploit, adversaries fool the Bluetooth system of a device into thinking it's connecting to a fake keyboard - without user confirmation.
This issue stems from a part of the Bluetooth rules that lets devices connect without needing authentication.
Phelps said if patches are available for this vulnerability, security teams should fix the issue immediately.
For devices that are awaiting the fix, security teams should monitor for updates and patches.
They should also make staff aware of the issue and offer mitigation recommendations, such as disabling Bluetooth when not in use.
What the attacker took advantage of, Gallagher continued, is that many IoT devices, such as Bluetooth keyboards, want to make that handshake as easy as possible, especially since the keyboard can't be used until the handshake is completed.
Gallagher also pointed out that maintaining physical security, with video surveillance and access control, is another way that organizations can protect their infrastructure, adding that many cyberattacks like this one are made easy if the threat actor can gain physical access.
This Cyber News was published on packetstormsecurity.com. Publication date: Fri, 08 Dec 2023 16:43:08 +0000