Android, Linux, macOS, iOS… This Bluetooth flaw affects millions of devices, even recent ones


Corentin Béchade

December 11, 2023 at 7:42 a.m.


Bluetooth, again the victim of a security breach © ymgerman / Shutterstock

A new week, a new security flaw. A cybersecurity specialist has just published unflattering research findings about Bluetooth.

Easy to use and widespread, Bluetooth nonetheless seems to have many problems. Security flaws found in the wireless protocol are legion. Back in 2020, a problem inherent in the development of the standard itself drew attention because it was present in a large number of devices. Three years later, it has happened again: a security researcher has just detailed how a major flaw affecting millions of devices works.

Android, iOS, Mac and Linux devices affected

This bug, discovered by an Internet user calling himself “Keyboard”, allows an attacker to connect discreetly to any device within range. By pretending to be a wireless keyboard, it is possible to pair with a machine, whether macOS, Android, Linux or iOS, without confirmation from its owner. Once the connection is established, it is possible “to inject keystrokes to, for example, install applications, execute arbitrary commands, forward messages, etc.” In short, to take control of a device.

The bug is exploitable on Android devices as soon as Bluetooth is activated. For iOS or macOS machines, Bluetooth must be active and a Magic Keyboard must already have been paired with the device once. Finally, Linux machines are only vulnerable during the pairing and Bluetooth device search phase.

The bug was tested on Android versions ranging from 4.2.2 to the very recent version 14, and on macOS with version 12.6.7 on a MacBook Air and 13.3.3 on a MacBook Pro M2. On iOS, version 16.6, at least, seems to be affected and, as for Linux, versions of Ubuntu since 18.04 seem to be affected too.

Patches already deployed

Fortunately, device manufacturers have been warned, and fixes have been, or will be, deployed. On Android, the December 2023 patches should resolve the problem, and on Linux there is a patch to install by hand (while waiting for it to make its way into the official repositories of the various distributions). Unfortunately, it is unlikely that older versions of Android will ever get a patch.

Don’t panic though: the attack can only be carried out when your device is within Bluetooth range, which reduces the risk. Still, remember to install your updates diligently in the coming weeks. It is never wasted effort anyway: who knows when the next Bluetooth vulnerability will be discovered?

Source: GitHub

Corentin Béchade


A journalist for almost 10 years, I have been in the tech and digital sector since my very first jobs. Tinkerer (a lot), librarian (a little), I have developed a specialization in the themes of ecology and digital technology as well as the protection of private life. On weekends I torture Raspberry Pis with lots of 'sudo' commands to relax.
