Turning off Bluetooth entirely when out in public might seem like a reasonable idea following the discovery of two new vulnerabilities that put iPhones, Android smartphones, Macs and other devices at risk of attack.
While the first vulnerability, known as BLUFFS, could allow an attacker to impersonate your devices. The second could be exploited by hackers to take full control of your devices, as if they were paired to a Bluetooth keyboard.
As reported by Dark Reading, this newly discovered critical Bluetooth vulnerability (tracked as CVE-2022-45866) is a keystroke injection flaw that works by tricking your smartphone or computer into pairing with a fake keyboard. To make matters worse, this fake keyboard can connect to your devices without confirmation from you.
The flaw itself was discovered by SkySafe’s Marc Newlin, who detailed his findings in a blog post. He explained that he stumbled upon it when investigating Apple’s Magic Keyboard. Newlin soon realized that the flaw is even exploitable in Lockdown Mode on both iOS and macOS, though Android and Linux devices are vulnerable as well.
Once an attacker has paired an emulated Bluetooth keyboard with your smartphone or computer, they can then perform any action that doesn’t require a password or your fingerprint. From installing new apps to forwarding emails or text messages, there’s a lot someone can do, even without direct access to your devices.
A simple flaw that’s gone undetected for a decade
Unlike the recently discovered flaw in the Bluetooth protocol, this one has been around for at least 10 years. The reason it has gone undetected for so long, according to Newlin, is that it’s a relatively simple flaw hidden in plain sight.
While other security researchers have been looking for weaknesses in Bluetooth’s encryption schemes, few have thought to search for simple authentication-bypass bugs like this one.
When it comes to the best Android phones, they have been vulnerable to this flaw since 2012 when Android 4.2.2 was released. At the same time, though, this flaw was patched in the Linux kernel in 202. But for some reason, the fix was left disabled by default based on Newlin’s research into the matter.
Since his discovery, Newlin has informed Apple, Google and Bluetooth SIG about the flaw. While there are patches for most of the impacted devices, some still remain vulnerable including many of the best MacBooks as well as several iPhones and Android smartphones.
How to stay safe from Bluetooth attacks
When it comes to malware and malicious apps, the best antivirus software or one of the best Android antivirus apps can help protect your devices from potential attacks. Unfortunately, the same can’t be said for attacks that exploit Bluetooth flaws.
Your only option is to disable Bluetooth when out in public, which can be really inconvenient for those who use wireless earbuds, one of the best smartwatches and especially so for people who wear a Bluetooth hearing aid. The reason why is that an attacker would need to be in close proximity to you and your devices to exploit this flaw.
Thankfully, this is a critical vulnerability that Apple, Google and other hardware makers as well as Bluetooth SIG have already been informed about, so if your device hasn’t been patched yet, a fix will likely arrive soon. As such, you're going to want to install any new security updates for your smartphone or computer as soon as they become available.
We’ll update this story as we learn more about this vulnerability and how companies are planning on addressing it.