• Security researchers have discovered new Bluetooth security flaws that allow hackers to impersonate devices and perform man-in-the-middle attacks.

  • The vulnerabilities impact all devices with Bluetooth 4.2 through Bluetooth 5.4, including laptops, PCs, smartphones, tablets, and others.

  • Users can do nothing at the moment to fix the vulnerabilities, and the solution requires device manufacturers to make changes to the security mechanisms used by the technology.

Research paper: https://dl.acm.org/doi/pdf/10.1145/3576915.3623066

Github: https://github.com/francozappa/bluffs

CVE: https://nvd.nist.gov/vuln/detail/CVE-2023-24023

  • DogMuffins
    link
    fedilink
    English
    arrow-up
    11
    arrow-down
    2
    ·
    11 months ago

    Sure mate, do you ever take your car out of the garage or do you just leave it there in case it breaks down on the way to the shops?

    I use Bluetooth devices with my phone all day every day. Car, headphones, watch, laptop, speakers. It’s fine if you don’t, but surely you can recognise that leaving bluetooth on for most people is about functionality rather than mere laziness.

    That said, I’m not at all surprised that a vulnerability exists. Consumer tech just isn’t built to be resilient in that way.