Hackers seize control of iOS, Android, Linux, & MacOS through Bluetooth

TLDR:

A new Bluetooth vulnerability has been discovered that could allow hackers to take over iOS, Android, Linux, and MacOS devices. The vulnerability enables threat actors to pair an emulated Bluetooth keyboard without user confirmation and inject keystrokes, giving them unauthorized access to sensitive data, the ability to eavesdrop on communications, and execute malicious actions. The vulnerability affects various operating systems, including Android, Linux, macOS, and iOS. Security researchers have identified several CVEs that are impacted by the vulnerabilities.

Key Points:

• New Bluetooth vulnerabilities discovered in Android, Linux, macOS, iOS, and Windows
• Hackers can exploit the vulnerability to gain unauthorized access to devices, steal sensitive data, eavesdrop on communications, and execute malicious actions
• Vulnerabilities affect HID devices that use reports for communication
• Bluetooth HID employs L2CAP sockets with ports 17 and 19 for HID Control and HID Interrupt
• Affected Linux distributions include Ubuntu, Debian, Redhat, Amazon Linux, Fedora, Gentoo, Arch, OpenEmbedded, Yocto, NixOS
• Vulnerable devices allow pairing without user confirmation and unauthenticated keyboard pairing

A new Bluetooth vulnerability has been discovered that poses a serious threat to devices running Android, Linux, macOS, iOS, and Windows operating systems. The vulnerability allows hackers to gain unauthorized access to vulnerable devices and carry out a range of malicious activities. Security researcher Marc Newlin recently discovered the vulnerability and identified several CVEs that are affected by it.

The vulnerability can be exploited by hackers to pair an emulated Bluetooth keyboard with a targeted device without user confirmation. Once paired, the hackers can inject keystrokes, steal sensitive data, eavesdrop on communications, and carry out other malicious actions.

HID (Human Interface Device) devices use reports for communication, including input, output, and feature reports. These reports are transport-agnostic and can be sent via USB or Bluetooth. Bluetooth HID uses L2CAP sockets with ports 17 and 19 for HID Control and HID Interrupt. A successful Bluetooth HID link requires connections to both of these ports.

The vulnerability arises from the ability to pair a keyboard to the ports without user confirmation. This is possible in devices that support unauthenticated keyboard pairing and have certain discoverability settings enabled. Linux and Android devices expose ports when discoverable, while macOS, iOS, and Windows devices restrict access to known peripherals. Attacks on Linux and Android devices work with most Bluetooth adapters, but macOS, iOS, and Windows devices require a Broadcom-based adapter.

Overall, this new Bluetooth vulnerability highlights the importance of regularly updating devices and being aware of potential security flaws. It is crucial for users to install any security patches or updates released by device manufacturers to mitigate the risk of exploitation. Additionally, users should be cautious when connecting to unfamiliar Bluetooth devices and ensure that their devices have the latest security protections in place.