Bluetooth: the new threat to device security
Malicious people can connect via Bluetooth without your consent
Cybersecurity research has identified a critical Bluetooth vulnerability affecting various Android, Linux, iOS and macOS devices. Attackers can connect via Bluetooth without the user's consent, thus being able to control the device. Software companies are rolling out corrective patches. To prevent such attacks, disabling unused protocols and strong physical security of devices is suggested.
A recent investigation in the field of cyber security has brought to light a critical issue affecting Bluetooth and affecting numerous devices based on Android, Linux, iOS and macOS. The specific threat, which was documented by cybersecurity researcher Marc Newlin on the GitHub portal, threatens the safety of devices, potentially allowing attackers to gain control of them through an injection of simulated keyboard commands. This type of attack has been tagged with the identifier CVE-2023-45866.
Mechanism and implications of the attack
The attack exploits an intrinsic flaw in the Bluetooth protocol which, combined with specific bugs in the implementation in different OSes, allows attackers to masquerade as a Bluetooth keyboard and connect to a target device without requiring user consent. Once the connection is established, actions can be performed on the victim device, unless advanced authentication such as passwords or biometric recognition systems are required. This vulnerability has been verified on various devices that include Google's Pixel models and different editions of Ubuntu for Linux, as well as on several Apple devices.
Corrective interventions and company responsibilities
The details of this critical issue were disclosed only after giving the companies involved ample margin to implement adequate solutions. Google quickly reacted by integrating patches into Android versions 11 to 14, and Canonical released a fix for Ubuntu. On the other hand, Apple has not yet released a fix update that directly addresses the vulnerability. These actions by the companies come after Newlin conducted proactive communication about the issue in previous months.
Security tips for organizations
Expert John Gallagher, of Viakoo Inc, points out that IoT devices tend to have various communication protocols such as Wi-Fi and Bluetooth active by default, strengthening the argument that a key approach for organizations is to disable unused protocols to mitigate the risk. It also adds the importance of physical security, since direct access to devices can greatly simplify the work of hackers, making security systems a key point in the defensive strategy against cyber attacks.
Follow us on Facebook for more pills like this12/08/2023 05:03
Marco Verro