New Bluetooth flaw lets hackers take over Android, Linux, macOS, and iOS Devices

A serious vulnerability in Bluetooth stacks has been discovered that could allow attackers to take control of a wide range of devices, including Android, Linux, macOS, and iOS.

CVE-2023-45866: Authentication Bypass Vulnerability

The vulnerability, tracked as CVE-2023-45866, is an authentication bypass issue that allows attackers to connect to vulnerable devices without user consent and inject keystrokes to execute code as the victim.

How the Attack Works:

The attacker exploits an “unauthenticated pairing mechanism” defined in the Bluetooth specification to trick the target device into thinking it’s connected to a Bluetooth keyboard. This allows the attacker to remotely transmit keystrokes and:

  • Install malicious applications.
  • Run arbitrary commands.
  • Gain full control of the device.

No Special Hardware Required:

The attack doesn’t require specialized hardware. It can be carried out from a regular Linux computer with a standard Bluetooth adapter, making it readily accessible to malicious actors.

Affected Devices:

A wide range of devices are vulnerable to this flaw, including:

  • Android devices: All versions from Android 4.2.2 (November 2012) onwards.
  • iOS devices: All versions when Bluetooth is enabled and a Magic Keyboard has been paired.
  • Linux and macOS devices: All versions when Bluetooth is enabled.

LockDown Mode Not Immune:

The vulnerability even bypasses Apple’s LockDown Mode, which is designed to protect against sophisticated digital threats. This makes it particularly concerning for users who rely on this feature for enhanced security.

Remote Code Execution Possible:

Google, in an advisory released this month, stated that CVE-2023-45866 “could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed.” This means an attacker could gain full control of the device without needing any special permissions or prior access.

Urgency of Patching:

Given the severity of this vulnerability and its wide-ranging impact, it’s critical for all affected users to update their devices to the latest patches as soon as they become available. Patching is the only way to mitigate the risk of this attack and protect your devices from potential harm.

Source

LATEST NEWS

tn
Xiaomi 14 Full Review: Pioneering new legacy in mobile photography
This content is password protected. To view it please enter your password below: Password:
Read More
20240223-130707
HUAWEI MatePad 11.5” PaperMatte Edition: Transcending work and play with PC-level, paperless experience
Find out what this MatePad offers to office workers, students, and artists in this unboxing and first...
Read More
img_v3_028b_d5489ca0-3675-41db-bc81-444c6565e9hu
Chinese university students pave the way with Calcium-based battery development
A team of visionary researchers at Fudan University in Shanghai, China, has achieved a groundbreaking...
Read More

Your compare list

Compare
REMOVE ALL
COMPARE
0