• Security researchers have discovered new Bluetooth security flaws that allow hackers to impersonate devices and perform man-in-the-middle attacks.

  • The vulnerabilities impact all devices with Bluetooth 4.2 through Bluetooth 5.4, including laptops, PCs, smartphones, tablets, and others.

  • Users can do nothing at the moment to fix the vulnerabilities, and the solution requires device manufacturers to make changes to the security mechanisms used by the technology.

Research paper: https://dl.acm.org/doi/pdf/10.1145/3576915.3623066

Github: https://github.com/francozappa/bluffs

CVE: https://nvd.nist.gov/vuln/detail/CVE-2023-24023

    • bless@lemmy.worldOP
      link
      fedilink
      arrow-up
      11
      arrow-down
      1
      ·
      1 year ago

      Haha I like the spirit but that’s not really a fix that’s just avoidance.

    • DogMuffins
      link
      fedilink
      English
      arrow-up
      11
      arrow-down
      2
      ·
      1 year ago

      Sure mate, do you ever take your car out of the garage or do you just leave it there in case it breaks down on the way to the shops?

      I use Bluetooth devices with my phone all day every day. Car, headphones, watch, laptop, speakers. It’s fine if you don’t, but surely you can recognise that leaving bluetooth on for most people is about functionality rather than mere laziness.

      That said, I’m not at all surprised that a vulnerability exists. Consumer tech just isn’t built to be resilient in that way.

    • squiblet@kbin.social
      link
      fedilink
      arrow-up
      4
      arrow-down
      1
      ·
      1 year ago

      That would be nice. Personally I have two medical devices that have to be constantly connected to my phone via Bluetooth.

    • TimLovesTech (AuDHD)(he/him)@badatbeing.social
      link
      fedilink
      English
      arrow-up
      2
      arrow-down
      1
      ·
      1 year ago

      That in theory works, if you don’t have to listen to music, use a smartwatch, own a wireless keyboard/mouse/headphones, etc. It’s in everything, and somethings lose all functionality w/out it.

    • Squeak@lemmy.world
      link
      fedilink
      arrow-up
      2
      arrow-down
      1
      ·
      1 year ago

      That’s like Steve jobs saying ‘you’re holding it wrong’ about the iPhone 4…

    • ramble81@lemm.ee
      link
      fedilink
      arrow-up
      1
      arrow-down
      1
      ·
      1 year ago

      Sure, but I’d like to listen to music… no wait, there’s no longer a 3.5mm jack. Okay, I want to get some information or a call in my car… no wait, there are hands free laws where I can’t hold my phone. Okay, let me check my watch for notifications…. no wait, it can’t connect to my phone now.