
New Bluetooth exploit, all at risk: Android, macOS, iOS and Linux

Thanks to the work of cybersecurity expert Marc Newlin, a new Bluetooth vulnerability has been discovered.

This exploit, it seems, is dangerous for practically every major platform on the market apart from Windows. The flaw, in fact, affects Android smartphones as well as iPhones, Macs and Linux environments. According to Newlin, this bug allows devices to be hacked without any particular action or oversight on the part of the victim.

This all happens by forcing the operating system to connect to a fake Bluetooth keyboard, without requesting any authorization. It works through an unauthenticated connection function which, once exploited, allows cybercriminals to act as if they were the user.

What makes this even more disturbing is that the attackers do not need any particular equipment or software: a simple Linux laptop and a standard Bluetooth adapter are enough.

The only real limit of this threat is the limited range of Bluetooth. In order to hack into a device, it is necessary to be within a few meters of the victim. Even so, the flaw is a real danger in certain contexts.

Bluetooth exploits: which devices are most at risk?

According to initial research, Android smartphones appear to be the platform most in danger.

Marc Newlin’s tests, carried out on seven different phones, revealed that versions 4.2.2, 6.0.1, 10, 11, 12, 13 and 14 of the operating system are at risk.

Other analyses of Apple operating systems, still partial, have revealed that iOS 16.6, Monterey 12.6.7 and Ventura 13.3.3 are certainly at risk. However, Newlin was not able to test first-hand on numerous iPhones and Macs, so it is possible that other products from the Cupertino giant are also affected by this exploit.

As already mentioned, even Linux is not exempt from this danger. The attack also seems effective against BlueZ, the Bluetooth stack included in the official Linux kernel.

At the moment, the exploit has been confirmed on Free Linux 18.04, 20.04, 22.04 and 23.10. The bug behind this vulnerability was generally fixed in 2000 but, to obtain real protection, it is necessary to manually activate the appropriate setting, except on ChromeOS, an environment where, according to Google, it is already enabled by default.
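A way to check the Linux setting mentioned above, as an added example that is not from the original article or from the BlueZ project. It assumes the setting in question is BlueZ's `ClassicBondedOnly` option in the `[General]` section of `/etc/bluetooth/input.conf`; the sample file contents are constructed.

```python
import configparser

CONF_PATH = "/etc/bluetooth/input.conf"  # assumed location of the BlueZ input config

# Constructed sample: option left commented out, so no explicit value is set.
SAMPLE_UNSET = """\
[General]
#IdleTimeout=30
#ClassicBondedOnly=true
"""

# Constructed sample: option explicitly enabled.
SAMPLE_ENABLED = """\
[General]
ClassicBondedOnly=true
"""


def classic_bonded_only(conf_text):
    """Classify the ClassicBondedOnly setting as 'enabled', 'disabled' or 'unset'."""
    parser = configparser.ConfigParser(strict=False, interpolation=None)
    parser.optionxform = str  # keep option names case-sensitive
    try:
        parser.read_string(conf_text)
    except configparser.Error:
        return "unset"  # unparsable file: nothing explicitly configured
    value = parser.get("General", "ClassicBondedOnly", fallback=None)
    if value is None:
        return "unset"
    return "enabled" if value.strip() in ("true", "1") else "disabled"


def audit(path=CONF_PATH):
    """Read the config file and return (state, advice) for a host report."""
    try:
        with open(path, encoding="utf-8") as handle:
            state = classic_bonded_only(handle.read())
    except OSError:
        state = "unset"  # missing or unreadable file: no explicit value
    advice = {
        "enabled": "HID connections from unbonded classic devices are refused.",
        "disabled": "Set ClassicBondedOnly=true and restart the bluetooth service.",
        "unset": "No explicit value; set ClassicBondedOnly=true under [General].",
    }[state]
    return state, advice


if __name__ == "__main__":
    print(*audit(), sep=": ")
```

A result of `unset` means the host relies on the default compiled into the installed BlueZ package, so it should be treated as needing the explicit setting.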
