This Bluetooth security flaw could be used to hijack Apple and Linux devices

The flaw is tracked as CVE-2023-45866 and is described as an authentication bypass. Android, Linux, macOS, and iOS devices, are all susceptible, it was said.

Bluetooth under pressure

"Multiple Bluetooth stacks have authentication bypass vulnerabilities that permit an attacker to connect to a discoverable host without user confirmation and inject keystrokes," Newlin said. 

If the attacker is physically close enough to the victim endpoint, he can trick it into thinking it is paired with a new Bluetooth keyboard, and then use this new “keyboard” to run apps, arbitrary commands, and more. All it needs is a Linux computer with a regular Bluetooth adapter.

Google recently published a new security advisory to draw Android users’ attention to the flaw, and said that CVE-2023-45866 could lead to remote escalation of privilege “with no additional execution privileges needed.”

Bluetooth has been getting a lot of bad press lately. Just last week, researchers from Eurecom discovered two flaws collectively named BLUFFS, which allow attackers to mount device impersonation or man-in-the-middle attacks. BLUFFS are tracked as CVE-2023-24023, and affect Bluetooth Core Specification from version 4.2 onward. They affect Bluetooth “at a fundamental level”, the researchers said.

Bluetooth has been around for years and is considered a safe, well-established standard for wireless communication. Therefore, these kinds of vulnerabilities could be abused to compromise billions of devices around the world, including laptops, smartphones, different internet-connected sensors, and more.

Technical details about CVE-2023-45866 are to be released at a later date.

Via TheHackerNews

More from TechRadar Pro

• Bluetooth devices could soon face a whole new level of security threats
• Here's a list of the best firewalls today
• These are the best endpoint protection software right now