AI DevwWrld Chatbot Summit Cyber Revolution Summit CYSEC Global Cyber Security & Cloud Expo World Series Digital Identity & Authentication Summit Asian Integrated Resort Expo Middle East Low Code No Code Summit TimeAI Summit

Bluetooth: the new threat to device security

Malicious people can connect via Bluetooth without your consent

Cybersecurity research has identified a critical Bluetooth vulnerability affecting various Android, Linux, iOS and macOS devices. Attackers can connect via Bluetooth without the user's consent, thus being able to control the device. Software companies are rolling out corrective patches. To prevent such attacks, disabling unused protocols and strong physical security of devices is suggested.

This pill is also available in Italian language

A recent investigation in the field of cyber security has brought to light a critical issue affecting Bluetooth and affecting numerous devices based on Android, Linux, iOS and macOS. The specific threat, which was documented by cybersecurity researcher Marc Newlin on the GitHub portal, threatens the safety of devices, potentially allowing attackers to gain control of them through an injection of simulated keyboard commands. This type of attack has been tagged with the identifier CVE-2023-45866.

Mechanism and implications of the attack

The attack exploits an intrinsic flaw in the Bluetooth protocol which, combined with specific bugs in the implementation in different OSes, allows attackers to masquerade as a Bluetooth keyboard and connect to a target device without requiring user consent. Once the connection is established, actions can be performed on the victim device, unless advanced authentication such as passwords or biometric recognition systems are required. This vulnerability has been verified on various devices that include Google's Pixel models and different editions of Ubuntu for Linux, as well as on several Apple devices.

Corrective interventions and company responsibilities

The details of this critical issue were disclosed only after giving the companies involved ample margin to implement adequate solutions. Google quickly reacted by integrating patches into Android versions 11 to 14, and Canonical released a fix for Ubuntu. On the other hand, Apple has not yet released a fix update that directly addresses the vulnerability. These actions by the companies come after Newlin conducted proactive communication about the issue in previous months.

Security tips for organizations

Expert John Gallagher, of Viakoo Inc, points out that IoT devices tend to have various communication protocols such as Wi-Fi and Bluetooth active by default, strengthening the argument that a key approach for organizations is to disable unused protocols to mitigate the risk. It also adds the importance of physical security, since direct access to devices can greatly simplify the work of hackers, making security systems a key point in the defensive strategy against cyber attacks.

Follow us on Threads for more pills like this

12/08/2023 05:03

Editorial AI

Complementary pills

Critical security update on iOS 17.2Fighting bluetooth threats: Apple fixes critical vulnerabilities with new iOS 17.2 update

Bluffs: the alarm of the Italian researcher on bluetooth securityBluffs vulnerability revealed: how it risks your privacy through bluetooth

Last pills

Large-scale data leak for Dell: impacts and responsesData of 49 million users exposed: IT security and privacy concerns

Microsoft strengthens cybersecurityNew policies and accountability measures to strengthen cybersecurity at Microsoft

"Emerging Threat: Social Media Platforms Vulnerable to New Exploit"New critical exploit discovered that threatens the security of millions of users of social platforms

Critical VPN flaw discovered: the TunnelVision attackA new type of DHCP attack threatens the security of VPN networks by exposing user data