Bluetooth vulnerabilities in Android, Linux, macOS, iOS, and Windows are critical as hackers could exploit them to gain unauthorized access to the vulnerable devices.
Such flaws in Bluetooth protocols enable the threat actors to steal sensitive data, eavesdrop on communications, and execute malicious actions.
A cybersecurity specialist, Marc Newlin, recently discovered a new Bluetooth vulnerability that enables threat actors to take over iOS, Android, Linux, and MacOS devices.
Bluetooth Vulnerabilities in Android, Linux, macOS, iOS
The threat actors can exploit the new vulnerability without user confirmation to pair an emulated Bluetooth keyboard and inject keystrokes.
Here below, we have mentioned all the vulnerabilities that are discovered by security researchers and affect the iOs, Android, Linux, and macOS:-
HID devices use reports for communication by covering input (keypresses, mouse actions), output (commands, state changes), and feature reports (device settings).
These reports are transport-agnostic, reaching the host via USB or Bluetooth. As the Bluetooth HID employs L2CAP sockets with port 17 for HID Control (feature reports, high latency) and port 19 for HID Interrupt (input/output reports, low latency).
Compounding the problem are zero-day vulnerabilities like the MOVEit SQLi, Zimbra XSS, and 300+ such vulnerabilities that get discovered each month. Delays in fixing these vulnerabilities lead to compliance issues, these delay can be minimized with a unique feature on AppTrana that helps you to get “Zero vulnerability report” within 72 hours.
An established Bluetooth HID link requires connections to both ports. Keyboard connection to ports 17 and 19 involves pairing and establishing a link key for data encryption, with bonding saving the key.
Meanwhile, out-of-band pairing enables pairing and bonding through non-Bluetooth channels like NFC or USB. Pairing Capability defines authentication mechanisms supported by hosts or peripherals.
Affected Linux Distributions
Here below, we have mentioned all the affected Linux distributions:-
- Ubuntu
- Debian
- Redhat
- Amazon Linux
- Fedora
- Gentoo
- Arch
- OpenEmbedded
- Yocto
- NixOS
Vulnerable devices allow pairing without user confirmation by supporting unauthenticated keyboard pairing.
Successful forced pairing and keystroke injection hinge on host discoverability, NoInputNoOutput pairing capability, and access to L2CAP ports 17 and 19.
Linux and Android expose ports when discoverable, while macOS, iOS, and Windows restrict access to known peripherals. Attacks on Linux and Android work with most Bluetooth adapters, while macOS, iOS, and Windows require a Broadcom-based adapter.
Try Kelltron’s cost-effective penetration testing services to evaluate digital systems security. Free demo available.