Subj : This Bluetooth security flaw could be used to hijack Apple and Li
To   : All
From : TechnologyDaily
Date : Fri Dec 08 2023 12:15:05

This Bluetooth security flaw could be used to hijack Apple and Linux devices

Date: Fri, 08 Dec 2023 12:10:47 +0000

Description: There is a way to trick a device into thinking it is paired with a new Bluetooth keyboard, with Apple users most at risk.

FULL STORY
======================================================================

Experts have uncovered a way to trick a Bluetooth-enabled device into thinking it has connected to a wireless keyboard when, in fact, it's connecting to another computer.

This, in turn, would allow the operator to run commands on the device, including running malware, according to cybersecurity researcher Marc Newlin, who discovered the flaw and disclosed it to Bluetooth software vendors last summer.

The flaw is tracked as CVE-2023-45866 and is described as an authentication bypass. Android, Linux, macOS, and iOS devices are all susceptible, it was said.

Bluetooth under pressure

"Multiple Bluetooth stacks have authentication bypass vulnerabilities that permit an attacker to connect to a discoverable host without user confirmation and inject keystrokes," Newlin said.

If the attacker is physically close enough to the victim endpoint, he can trick it into thinking it is paired with a new Bluetooth keyboard, and then use this new keyboard to run apps, arbitrary commands, and more. All the attacker needs is a Linux computer with a regular Bluetooth adapter.

Google recently published a new security advisory to draw Android users' attention to the flaw, and said that CVE-2023-45866 could lead to remote escalation of privilege with no additional execution privileges needed.

Bluetooth has been getting a lot of bad press lately. Just last week, researchers from Eurecom discovered two flaws collectively named BLUFFS, which allow attackers to mount device impersonation or man-in-the-middle attacks.
BLUFFS are tracked as CVE-2023-24023, and affect Bluetooth Core Specification from version 4.2 onward. They affect Bluetooth at a fundamental level, the researchers said.

Bluetooth has been around for years and is considered a safe, well-established standard for wireless communication. Therefore, these kinds of vulnerabilities could be abused to compromise billions of devices around the world, including laptops, smartphones, different internet-connected sensors, and more.

Technical details about CVE-2023-45866 are to be released at a later date.

Via TheHackerNews

======================================================================
Link to news story:
https://www.techradar.com/pro/security/this-bluetooth-security-flaw-could-be-used-to-hijack-apple-and-linux-devices

--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)