Home > News > Bluetooth Flaw: Multi-OS Takeover Risk! 馃毃馃摫

Bluetooth Flaw: Multi-OS Takeover Risk! 馃毃馃摫

: bluetooth flaw: multi-os takeover risk! 馃毃馃摫

Magic Keyboard Vulnerability: Takeover of iOS, Android, Linux, and macOS Devices

A Bluetooth security flaw has been discovered that leaves keyboards vulnerable to injection attacks, which can allow attackers to take over user devices. Security researcher Marc Newlin shared how he discovered the flaw that tricks the Bluetooth host machine into pairing with a fake keyboard without user confirmation, leaving Android, Linux, macOS, and iOS devices vulnerable to takeovers.

Google, Microsoft, Linux (BlueZ), and Apple have rolled out fixes for the flaw over the past six weeks. Android devices are vulnerable whenever Bluetooth is enabled, while Linux devices require Bluetooth to be discoverable or connectable. iOS and macOS devices become vulnerable when Bluetooth is enabled and a Magic Keyboard has been paired with the phone or computer.

Key Takeaways

  • Bluetooth vulnerability extends to Android, Linux, macOS, and iOS devices.
  • Extracting Bluetooth link keys and pairing with different hosts leaves devices vulnerable to injection attacks.
  • The hacker community should continue probing Bluetooth flaws to improve overall device security.

Extracting Bluetooth Link Keys and Pairing with Different Hosts

Wireless devices are becoming increasingly popular, and with that comes an increase in vulnerabilities. One such vulnerability that has been discovered is the ability to extract Bluetooth link keys and pair with different hosts. This vulnerability can be exploited to extract the Bluetooth link key from a Magic Keyboard or its paired Mac through out-of-band pairing, unauthenticated Bluetooth human interface devices (HIDs), extracting the key from the lightning port or USB port on the Mac, or pairing the Magic Keyboard to a different host.

The vulnerability was first discovered by a security researcher who has a history of disclosing wirelessly exploitable vulnerabilities. This researcher discovered a class of security vulnerabilities called MouseJack in 2016 that allowed keystroke injection into wireless mice. After making headway on fuzzing Dell's AW920K keyboard, the researcher moved on to Apple's Magic Keyboard.

The researcher found that vulnerabilities in the Magic Keyboard could be exploited to extract the Bluetooth link key via the Lightning port or unauthenticated Bluetooth. If Lockdown Mode is not enabled, the link key can be read from the paired Mac over a lightning cable or USB. This vulnerability can be used to extract keystrokes and execute arbitrary commands on the target device.

The vulnerability works by tricking the Bluetooth host machine into pairing with a fake keyboard without user confirmation, allowing threat actors to take control of Android, Linux, macOS, and iOS devices. The vulnerability affects various operating systems, including Android, Linux, macOS, iOS, and Windows. The vulnerability is tracked as CVE-2023-45866 and CVE-2024-21306.

The Bluetooth specification includes an unauthenticated pairing mechanism that does not require a password. This vulnerability allows attackers to bypass authentication and execute arbitrary actions on the target device. The vulnerability also affects the Bluetooth protocol and has been patched by the Bluetooth SIG.

Linux (BlueZ) and Apple have rolled out patches for the Bluetooth security flaw. However, the vulnerability is still present in other devices, such as wireless mice and gaming keyboards. The vulnerability can be exploited using a Python script or proof-of-concept exploit scripts.

Mitigation for this vulnerability includes enabling Lockdown Mode and using Bluetooth encryption schemes. Security updates should also be applied to the affected devices to prevent code execution. The vulnerability is similar to the authentication-bypass bugs found in the Bluetooth host state-machine, which allowed for the emulated Bluetooth keyboard to execute arbitrary commands.

In conclusion, the vulnerability in Bluetooth link keys and pairing with different hosts allows attackers to take control of Android, Linux, macOS, and iOS devices. The vulnerability affects various operating systems, including Android, Linux, macOS, iOS, and Windows. The vulnerability has been patched by the Bluetooth SIG, Linux (BlueZ), and Apple, but other devices, such as wireless mice and gaming keyboards, are still vulnerable. Mitigation for this vulnerability includes enabling Lockdown Mode and using Bluetooth encryption schemes.

Bluetooth Vulnerability Extends to Other Platforms

new bluetooth vulnerability allows takeover of ios, android, linux, and macos devices" focuses on the unified effort to address the vulnerability. it showcases symbols from ios, android, linux, and macos converging to form a protective shield around the bluetooth symbol, illustrating a collaborative defense strategy. the design, with its emphasis on security and cooperation, set against a backdrop of digital patterns and cybersecurity icons, conveys a powerful message of resilience and collective action against cyber threats.
New Bluetooth Vulnerability Allows Takeover Of Ios, Android, Linux, And Macos Devices&Quot; Focuses On The Unified Effort To Address The Vulnerability. It Showcases Symbols From Ios, Android, Linux, And Macos Converging To Form A Protective Shield Around The Bluetooth Symbol, Illustrating A Collaborative Defense Strategy. The Design, With Its Emphasis On Security And Cooperation, Set Against A Backdrop Of Digital Patterns And Cybersecurity Icons, Conveys A Powerful Message Of Resilience And Collective Action Against Cyber Threats. : Bluetooth Flaw: Multi-Os Takeover Risk! 馃毃馃摫

After discovering vulnerabilities in Apple devices, security researcher Newlin expanded his research to other platforms. He found that the Bluetooth vulnerability also affects Android and Linux devices. On Android devices, an attacker can pair an emulated keyboard with the device and inject keystrokes, including at the lock screen, as long as Bluetooth is enabled on the device. The user does not have to have a keyboard paired with their phone already. This attack works on any Android device with Bluetooth enabled, including the Blu Dash 3.5 and the Pixel.

On Linux, the attack is similar, but the device must be discoverable and connectable over Bluetooth for the attack to work. The attacker can force-pair a keyboard and inject keystrokes without the user's confirmation. This vulnerability was fixed in 2020, but the fix was disabled by default. The vulnerability affects Linux computers running Ubuntu, Debian, Fedora, Gentoo, and other distributions.

The vulnerability also affects macOS and iOS devices, as well as Microsoft Windows devices. Apple released a security update to address the vulnerability affecting the Magic Keyboard. However, the vulnerability still affects MacBook Pro, MacBook Air, and iPhone SE devices running iOS 16. Mobile security experts recommend keeping Bluetooth turned off when not in use to mitigate the risk of an attack.

The Hacker Community Should Continue Probing Bluetooth Flaws

Security researcher Marc Newlin believes that the hacker community should continue probing Bluetooth flaws. He thinks that the vendors and the Bluetooth team share responsibility for missing these bugs. Some of them have been around for more than a decade, and they should have been found earlier.

Newlin received $1,000 from Microsoft and $15,000 from Google in bug bounties for his efforts in discovering the Bluetooth bug that leaves keyboards vulnerable to injection attacks that can allow attackers to take over user devices. However, Apple is still reviewing whether or how much it will pay Newlin, and his bugs may not be eligible for the Apple Bounty program because they do not fit into any of their bug bounty categories.

Newlin encourages security researchers to continue probing Bluetooth flaws. He believes that it may take a while before the full extent of Bluetooth flaws is known, and that it will take the community actually fleshing these out and identifying all these additional effective systems beyond what he has seen himself. He thinks that there are other types of Bluetooth vulnerabilities that might be possible with these same attack vectors, but he does not have enough knowledge about Bluetooth at this point to really understand where that will go.

Newlin presented his research on the Bluetooth vulnerability at the penultimate annual ShmooCon conference in Washington, DC. He has seen a lot of excitement from some friends with whom he has shared the proof-of-concept code, and he is encouraged that people are excited to dig into this.

The hacker community should continue probing Bluetooth flaws to identify and report them to vendors. This will help vendors fix the issues before active exploitation occurs. Additionally, it will help vendors improve their bug bounties and reward security researchers for their efforts.

Frequently Asked Questions

How does the Bluetooth flaw impact device security?

The Bluetooth flaw, also known as CVE-2023-45866, can allow attackers to inject keystrokes remotely into a device, potentially compromising its security. This vulnerability affects devices running on iOS, Android, Linux, and macOS operating systems.

What steps should users take to protect against the Bluetooth flaw affecting multiple operating systems?

Users should ensure that their devices are running the latest firmware updates to address the Bluetooth flaw. They should also avoid connecting to unknown or suspicious Bluetooth devices and disable Bluetooth when not in use. Additionally, users should only pair their devices with trusted Bluetooth devices and keep their devices up-to-date with the latest security patches.

Can the CVE-2023-45866 vulnerability be mitigated, and if so, how?

The CVE-2023-45866 vulnerability can be mitigated by updating the firmware of the affected devices. Users should check for available firmware updates and install them as soon as possible. Additionally, users should avoid connecting to unknown or suspicious Bluetooth devices and disable Bluetooth when not in use.

What are the implications of the magic keyboard vulnerability for corporate IT security?

The magic keyboard vulnerability can pose a significant risk to corporate IT security. If a corporate device is compromised, it can lead to the exposure of sensitive corporate data and intellectual property. Therefore, it is recommended that IT departments keep their devices up-to-date with the latest security patches and educate their employees on safe Bluetooth practices.

How can users check if their device has been compromised due to this vulnerability?

Users can check if their device has been compromised by looking for any suspicious activities or behavior on their device. Additionally, users can check for any unauthorized firmware updates or changes to their device's Bluetooth settings. If users suspect that their device has been compromised, they should contact their device manufacturer or IT department immediately.

What are the recommended security patches to address the magic keyboard vulnerability?

The recommended security patches to address the magic keyboard vulnerability are firmware updates provided by the device manufacturer. Users should check for available firmware updates and install them as soon as possible to address the vulnerability.

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.