• Bluetooth hack : Hi, My Name Is Keyboard

    Author
    Topic
    #2609415

    https://github.com/skysafe/reblog/tree/main/cve-2023-45866#hi-my-name-is-keyboard

    CVE-2023-45866: Unauthenticated Bluetooth keystroke-injection in Android, Linux, macOS and iOS

    ..The vulnerabilities work by tricking the Bluetooth host state-machine into pairing with a fake keyboard without user-confirmation. The underlying unauthenticated pairing mechanism is defined in the Bluetooth specification, and implementation-specific bugs expose it to the attacker. Unpatched devices are vulnerable under the following conditions:

    Android devices are vulnerable whenever Bluetooth is enabled
    Linux/BlueZ requires that Bluetooth is discoverable/connectable
    iOS and macOS are vulnerable when Bluetooth is enabled and a Magic Keyboard has been paired with the phone or computer
    The vulnerabilities can be exploited from a Linux computer using a standard Bluetooth adapter. Once the attacker has paired with the target phone or computer, they can inject keystrokes to perform arbitrary actions as the victim, provided those actions don’t require a password or biometric authentication…

    Some of the vulnerabilities predate MouseJack, and I was able to reproduce keystroke-injection on Android back to version 4.2.2, which was released in 2012. The Linux vulnerability was fixed in 2020 (CVE-2020-0556), but the fix was left disabled by default. ChromeOS is the only Linux-based OS known to have enabled the fix, even though it was announced by Ubuntu, Debian, Fedora, Gentoo, Arch and Alpine. The BlueZ patch for CVE-2023-45866 enables the 2020 fix by default…

    What is the vulnerability?

    Multiple Bluetooth stacks have authentication-bypass vulnerabilities that permit an attacker to connect to a discoverable host without user-confirmation and inject keystrokes.

    What is the impact?

    A nearby attacker can connect to a vulnerable device over unauthenticated Bluetooth and inject keystrokes to eg. install apps, run arbitrary commands, forward messages, etc.

    What hardware is required exploit the vulnerability?

    The attack does not require specialized hardware, and can be performed from a Linux computer using a normal Bluetooth adapter. ..

    Viewing 8 reply threads
    Author
    Replies
    • #2609442

      I can’t type properly when I can see the screen, never mind when I can’t!

    • #2609581

      If you’re in an environment where Bluetooth is discoverable, turn it off.

      MacOS, iOS, iPadOS, and SOS at times.

    • #2609591

      If you’re in an environment where Bluetooth is discoverable, turn it off.

      BT is discoverable everywhere like with smartwatches, ear/headphones, Airtag, Tile…

      • #2609837

        Smash-and-grab car breakins are often the result of thieves with BT scanners looking for cellphones, laptops, etc. in locked cars. They can rapidly go thru a parking lot looking for high value targets.

        1 user thanked author for this post.
    • #2609858

      cellphones, laptops, etc. in locked cars.

      I would say people leaving cellphones, laptops, etc in cars take the risks.

    • #2610099

      Those who do believe the device is hidden out of sight.

    • #2610792

      Bluetooth range is around 10 meters/30 feet. If you turn Bluetooth off when you leave the house, you should be safe.

      Sucks for the phones that have gotten rid of microphone ports, so make that a consideration when you get a phone if you are addicted to things like AirPods.

    • #2610800

      If you turn Bluetooth off when you leave the house, you should be safe.

      So how will my Apple Watch, Air Pods, BT headphones, Air Tag… work ?

      How will my iPhone / Apple Watch notify me that I have left the other device at home / Office / Restaurant / Cab…?

    • #2611236

      I turned my Bluetooth off on my phone, and also on the laptop.

      If one does not have any use for it, what is the advantage for it to be on?

      Any words of wisdom? Thanks!

      Win 10 Home 22H2

    • #2611462

      If one does not have any use for it, what is the advantage for it to be on?

      None.

      If you don’t use a device or your car has no Infotainment system, you don’t need BT.

    Viewing 8 reply threads
    Reply To: Bluetooth hack : Hi, My Name Is Keyboard

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information: