Critical Bluetooth Flaw Exposes Android, Apple & Linux Devices to Takeover

Attackers can exploit a critical Bluetooth security vulnerability that's been lurking largely unnoticed for years on macOS, iOS, Android, and Linux device platforms.
The keystroke injection vulnerability allows an attacker to control the targeted device as if they were attached by a Bluetooth keyboard, performing various functions remotely depending on the endpoint.
Tracked as CVE-2023-45866, the flaw exists in how in the Bluetooth protocol is implemented on various platforms.
The vulnerability enables an attacker to pair an emulated Bluetooth keyboard with a victim's phone or computer, implementing the keyboard as a Python script that runs on a Linux computer.
The attacker can then inject keystrokes, typing on the target device as if they were a Bluetooth keyboard legitimately attached to the target.
On Linux and macOS, the attacker could launch a command-prompt and run arbitrary commands as well as install apps, Newlin adds.
Hiding in Plain Sight While the flaw has been present for at least a good 10 years, it has been hiding in plain sight likely because of its simplicity, Newlin tells Dark Reading.
He only discovered the issue after first exploring potential keystroke-injection vulnerabilities in Apple's Magic Keyboard - a wireless keyboard for iOS and macOS - and moving on to explore the potential for the flaws more broadly in Bluetooth from there.
While Bluetooth is an incredibly useful protocol that has changed how people interact with various devices, its cross-platform, multi-device nature is proving to be complex in terms of security, causing myriad issues that patches can't keep up with.
The same flaw was patched in Linux in 2020, but then the fix was left disabled by default, Newlin discovered.
Further, the vulnerability in macOS and iOS bypasses Apple's security protections and works in Lockdown Mode, which is meant to protect devices from sophisticated cyberattacks, he said.
Bluetooth Exploit Forthcoming A platform's level of exposure depends on the state of the device in question, Newlin said.
On Android devices are vulnerable whenever Bluetooth is enabled, while exploitation on Linux/BlueZ requires that Bluetooth is discoverable/connectable.
iOS and macOS devices are vulnerable when Bluetooth is enabled and a Magic Keyboard has been paired with the phone or computer.
In January, Newlin will release proof-of-concept exploit scripts demonstrating how an attacker can exploit the flaw from a Linux-based computer using a standard Bluetooth adapter.
Disclosure and Mitigation Newlin informed Apple, Google, and Canonical of the flaw in August, and informed Bluetooth SIG in September.
There are patches for most affected devices, although some remain vulnerable, including Apple gear.
There currently is no fix available for Android 4.2.2-10; however, an Android security update released this week mitigates the vulnerability in Android versions 11-14, although Newlin says he's not sure which OEMs have so far implemented the patch.
Newlin tested Ubuntu Linux versions 18.04, 20.04, 22.04, 23.10; all were vulnerable.
There is a patch available on Github for BlueZ devices.


This Cyber News was published on www.darkreading.com. Publication date: Wed, 06 Dec 2023 17:20:06 +0000


Cyber News related to Critical Bluetooth Flaw Exposes Android, Apple & Linux Devices to Takeover

Unraveling the Wonders of Bluetooth - Continuing its evolution, Bluetooth 3.0 + HS arrived in 2009, introducing the concept of Bluetooth High Speed, leveraging Wi-Fi technology for faster data transfer over short distances. Bluetooth 4.0, introduced in 2010, marked a significant ...
9 months ago Feeds.dzone.com
Critical Bluetooth Flaw Exposes Android, Apple & Linux Devices to Takeover - Attackers can exploit a critical Bluetooth security vulnerability that's been lurking largely unnoticed for years on macOS, iOS, Android, and Linux device platforms. The keystroke injection vulnerability allows an attacker to control the targeted ...
11 months ago Darkreading.com
CVE-2024-36886 - In the Linux kernel, the following vulnerability has been resolved: ...
4 months ago
Apple 'Find My' network can be abused to steal keylogged passwords - Apple's "Find My" location network can be abused by malicious actors to stealthily transmit sensitive information captured by keyloggers installed in keyboards. The Find My network and application is designed to help users locate lost or misplaced ...
11 months ago Bleepingcomputer.com
CVE-2024-49950 - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix uaf in l2cap_connect [Syzbot reported] BUG: KASAN: slab-use-after-free in l2cap_connect.constprop.0+0x10d8/0x1270 net/bluetooth/l2cap_core.c:3949 Read of size 8 ...
2 weeks ago Tenable.com
CVE-2021-47038 - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: avoid deadlock between hci_dev->lock and socket lock Commit eab2404ba798 ("Bluetooth: Add BT_PHY socket option") added a dependency between socket lock and hci_dev->lock ...
8 months ago Tenable.com
Vulnerability Summary for the Week of March 4, 2024 - Published 2024-03-06 CVSS Score not yet calculated Source & Patch Info CVE-2023-52584416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - ...
7 months ago Cisa.gov
Vulnerability Summary for the Week of March 11, 2024 - Published 2024-03-15 CVSS Score not yet calculated Source & Patch Info CVE-2021-47111416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - Product linux - linux Description In the ...
7 months ago Cisa.gov
New BLUFFS attack lets attackers hijack Bluetooth connections - Researchers at Eurecom have developed six new attacks collectively named 'BLUFFS' that can break the secrecy of Bluetooth sessions, allowing for device impersonation and man-in-the-middle attacks. Daniele Antonioli, who discovered the attacks, ...
11 months ago Bleepingcomputer.com
Bluetooth Flaw Let Hackers Takeover of iOS & Android Devices - Bluetooth vulnerabilities in Android, Linux, macOS, iOS, and Windows are critical as hackers could exploit them to gain unauthorized access to the vulnerable devices. Such flaws in Bluetooth protocols enable the threat actors to steal sensitive data, ...
9 months ago Cybersecuritynews.com
Bluetooth Security Flaw Strikes Apple, Linux, and Android Devices - Vulnerabilities in the constantly changing technology landscape present serious risks to the safety of our online lives. A significant Bluetooth security weakness that affects Apple, Linux, and Android devices has recently come to light in the ...
11 months ago Cysecurity.news
'Wall of Flippers' detects Flipper Zero Bluetooth spam attacks - A new Python project called 'Wall of Flippers' detects Bluetooth spam attacks launched by Flipper Zero and Android devices. By detecting the attacks and identifying their origin, users can take targeted protection measures, and culprits can ...
10 months ago Bleepingcomputer.com
Apple and some Linux distros are open to Bluetooth attack The Register - A years-old Bluetooth authentication bypass vulnerability allows miscreants to connect to Apple, Android and Linux devices and inject keystrokes to run arbitrary commands, according to a software engineer at drone technology firm SkySafe. The bug, ...
11 months ago Go.theregister.com
Flipper Zero Bluetooth spam attacks ported to new Android app - Recent Flipper Zero Bluetooth spam attacks have now been ported to an Android app, allowing a much larger number of devices to implement these annoying spam alerts. Inspired by previous research on the topic and Flipper Zero applets targeting iOS ...
11 months ago Bleepingcomputer.com
Do AirPods Work With Android? - AirPods work well with Android, but the experience may be less satisfying or convenient compared to Apple's ecosystem. Certain features are unavailable such as customizing double-tap functionality and access to Siri voice assistant. One of the best ...
10 months ago Hackercombat.com
Critical Apache Log4j2 flaw still threatens global finance - Critical Apache Log4j2 flaw still threatens global finance. CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog. CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog. Russia-linked APT28 used post-compromise ...
5 months ago Securityaffairs.com
Critical unauthenticated RCE flaw in OpenSSH server - MUST READ. Critical unauthenticated remote code execution flaw in OpenSSH server. Expert released PoC exploit code for Veeam Backup Enterprise Manager flaw CVE-2024-29849. CISA adds Oracle WebLogic Server flaw to its Known Exploited Vulnerabilities ...
4 months ago Securityaffairs.com
Android, Linux, Apple Devices Exposed to Bluetooth Keystroke Injection Attacks - An authentication bypass flaw in the Bluetooth protocol allows attackers to connect to vulnerable devices and inject keystrokes. The issue, tracked as CVE-2023-45866, enables attackers within Bluetooth range to connect to discoverable hosts without ...
11 months ago Securityweek.com
Critical Bluetooth flaw could take over Android, Apple, Linux devices - A critical Bluetooth security bug that's reportedly been lurking about for several years can potentially be exploited by attackers to take control of Android, Linux, macOS, and iOS machines. The flaw - CVE-2023-45866 - is an authentication bypass ...
11 months ago Packetstormsecurity.com
CVE-2024-26890 - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btrtl: fix out of bounds memory access The problem is detected by KASAN. btrtl driver uses private hci data to store 'struct btrealtek_data'. If btrtl driver is used with ...
6 months ago Tenable.com
Juniper Networks fixed a critical authentication bypass flaw in some of its routers - MUST READ. Threat actors actively exploit D-Link DIR-859 router flaw CVE-2024-0769. CISA adds Oracle WebLogic Server flaw to its Known Exploited Vulnerabilities catalog. Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 ...
4 months ago Securityaffairs.com
New Bluetooth Vulnerability Leak Your Passcode to Hackers During Pairing - To mitigate this risk, Bluetooth Core Specification 5.4 advises that devices should fail a pairing procedure if a peer’s public key X coordinate matches that of the local device, except when a debug key is used. This vulnerability, known as ...
1 month ago Cybersecuritynews.com
CVE-2021-41769 - A vulnerability has been identified in SIPROTEC 5 6MD85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MD86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MD89 devices (CPU variant CP300) (All versions < ...
2 years ago
Without Interoperability, Apple Customers Will Never Be Secure - Every internet user should have the ability to privately communicate with the people that matter to them, in a secure fashion, using the tools and protocols of their choosing. Apple's iMessage offers end-to-end encrypted messaging for its customers, ...
10 months ago Eff.org
What Is Android System WebView and Should You Uninstall It? | Definition from TechTarget - Android developers use WebView when they want to display webpages or Hypertext Markup Language content in a Google app or other application. Android System WebView is a system component for the Android operating system (OS) that enables Android apps ...
1 month ago Techtarget.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)