Changes in the way risk is viewed are leading to changes in the way training is conducted. Read More
Related Posts
New Bluetooth Vulnerability Let Hackers Takeover of iOS, Android, Linux, & MacOS Devices
New Bluetooth Vulnerability Let Hackers Takeover of iOS, Android, Linux, & MacOS Devices
Bluetooth vulnerabilities in Android, Linux, macOS, iOS, and Windows are critical as hackers could exploit them to gain unauthorized access to the vulnerable devices.
Such flaws in Bluetooth protocols enable the threat actors to steal sensitive data, eavesdrop on communications, and execute malicious actions.
A cybersecurity specialist, Marc Newlin, recently discovered a new Bluetooth vulnerability that enables threat actors to take over iOS, Android, Linux, and MacOS devices.
Bluetooth Vulnerabilities in Android, Linux, macOS, iOS
The threat actors can exploit the new vulnerability without user confirmation to pair an emulated Bluetooth keyboard and inject keystrokes.
Here below, we have mentioned all the vulnerabilities that are discovered by security researchers and affect the iOs, Android, Linux, and macOS:-
HID devices use reports for communication by covering input (keypresses, mouse actions), output (commands, state changes), and feature reports (device settings).
These reports are transport-agnostic, reaching the host via USB or Bluetooth. As the Bluetooth HID employs L2CAP sockets with port 17 for HID Control (feature reports, high latency) and port 19 for HID Interrupt (input/output reports, low latency).
An established Bluetooth HID link requires connections to both ports. Keyboard connection to ports 17 and 19 involves pairing and establishing a link key for data encryption, with bonding saving the key.
Meanwhile, out-of-band pairing enables pairing and bonding through non-Bluetooth channels like NFC or USB. Pairing Capability defines authentication mechanisms supported by hosts or peripherals.
Affected Linux Distributions
Here below, we have mentioned all the affected Linux distributions:-
Ubuntu
Debian
Redhat
Amazon Linux
Fedora
Gentoo
Arch
OpenEmbedded
Yocto
NixOS
Vulnerable devices allow pairing without user confirmation by supporting unauthenticated keyboard pairing.
Successful forced pairing and keystroke injection hinge on host discoverability, NoInputNoOutput pairing capability, and access to L2CAP ports 17 and 19.
Linux and Android expose ports when discoverable, while macOS, iOS, and Windows restrict access to known peripherals. Attacks on Linux and Android work with most Bluetooth adapters, while macOS, iOS, and Windows require a Broadcom-based adapter.
Try Kelltron’s cost-effective penetration testing services to evaluate digital systems security. Free demo available.
The post New Bluetooth Vulnerability Let Hackers Takeover of iOS, Android, Linux, & MacOS Devices appeared first on Cyber Security News.
Cyber Security News
Zeppelin ransomware source code sold for $500 on hacking forum
Zeppelin ransomware source code sold for $500 on hacking forum
A threat actor announced on a cybercrime forum that they sold the source code and a cracked version of the Zeppelin ransomware builder for just $500. […] Read More
BleepingComputer
Five Core Tenets Of Highly Effective DevSecOps Practices
Five Core Tenets Of Highly Effective DevSecOps Practices
One of the enduring challenges of building modern applications is to make them more secure without disrupting high-velocity DevOps processes or degrading the developer experience. Today’s cyber threat landscape is rife with sophisticated attacks aimed at all different parts of the software supply chain and the urgency for software-producing organizations to adopt DevSecOps practices that deeply Read More