A serious vulnerability in Bluetooth stacks has been discovered that could allow attackers to take control of a wide range of devices, including Android, Linux, macOS, and iOS.
CVE-2023-45866: Authentication Bypass Vulnerability
The vulnerability, tracked as CVE-2023-45866, is an authentication bypass issue that allows attackers to connect to vulnerable devices without user consent and inject keystrokes to execute code as the victim.
How the Attack Works:
The attacker exploits an “unauthenticated pairing mechanism” defined in the Bluetooth specification to trick the target device into thinking it’s connected to a Bluetooth keyboard. This allows the attacker to remotely transmit keystrokes and:
- Install malicious applications.
- Run arbitrary commands.
- Gain full control of the device.
No Special Hardware Required:
The attack doesn’t require specialized hardware. It can be carried out from a regular Linux computer with a standard Bluetooth adapter, making it readily accessible to malicious actors.
A wide range of devices are vulnerable to this flaw, including:
- Android devices: All versions from Android 4.2.2 (November 2012) onwards.
- iOS devices: All versions when Bluetooth is enabled and a Magic Keyboard has been paired.
- Linux and macOS devices: All versions when Bluetooth is enabled.
LockDown Mode Not Immune:
The vulnerability even bypasses Apple’s LockDown Mode, which is designed to protect against sophisticated digital threats. This makes it particularly concerning for users who rely on this feature for enhanced security.
Remote Code Execution Possible:
Google, in an advisory released this month, stated that CVE-2023-45866 “could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed.” This means an attacker could gain full control of the device without needing any special permissions or prior access.
Urgency of Patching:
Given the severity of this vulnerability and its wide-ranging impact, it’s critical for all affected users to update their devices to the latest patches as soon as they become available. Patching is the only way to mitigate the risk of this attack and protect your devices from potential harm.