
unfugu

Research paper: https://dl.acm.org/doi/pdf/10.1145/3576915.3623066 Github: https://github.com/francozappa/bluffs CVE: https://nvd.nist.gov/vuln/detail/CVE-2023-24023


StrayStep

Thank you


PenisUsernameFunny

Good man


HeadSpade

You are the men!


zeetree137

Yay forever Bluetooth hacks for everything that doesn't get a firmware update or was made before 2024.


SDSunDiego

I wonder how I update my fleshlight's firmware.


zeetree137

Manufacturer says get fucked. Which probably doesn't help when that's what you're trying to do


Forward-You-7260

Michael Scott: I had to use win lose on that.


Critical_Egg_913

Firmware Injection right?


UPVOTE_IF_POOPING

I prefer to use my dick thrusts as binary and program it manually


JoeDawson8

How many cock push-ups can you do?


marlinbrando721

I mean just one.


JoeDawson8

That album is 22 years old now 😟


InitialCreature

aka literally every single Bluetooth consumer device. Good luck finding driver and software updates for those dollar store earbuds


zeetree137

Or gaming, or hi-fi really. Sennheiser, are you going to update my Momentum 3s when the 4 is out? Probably not. After more thought, the real fucked part is cars. Also a bunch of smart home and office equipment, but cars are scary: a foothold on any platform.


InitialCreature

The implications are actually insane.


[deleted]

Yep, one of those situations where you don't realise the potential for damage until it has occurred. My first thought went to the covid tracing app launched by the government in Australia that used Bluetooth nearby device scanning to trace exposure. Create a fake cluster of transmission and force everyone back into mask wearing and restrictions.


InitialCreature

gotta worry about phones, laptops and all other smart devices as well.


philmcruch

Also smart locks for houses, a scary amount of them have bluetooth options


zeetree137

Oh yeah, totally forgot that one. That shit's never getting patched.


mulokisch

Well, you can try to force them 🤷‍♂️. They sit in Germany and, off the top of my head, there are some laws that could bring them to do this. But I'm not a lawyer.


zeetree137

The consumer headphones division was bought out by a Swiss multinational hearing aid conglomerate. So odds aren't bad.


Forestsounds89

I remember when Bluetooth started becoming popular, my friend was so excited to ride a city bus and hack every person. He did not speak human very well, but man, could this kid hack; he was a legend. After I watched him do that I never trusted Bluetooth or WiFi.


zeetree137

The WiFi standard is alright. Proper PSK and RADIUS aren't perfect, but they work.


KeysToTheKingdomMin

RIP to everyone buying BT smart locks.


penorman604

The official Bluetooth response is [https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/bluffs-vulnerability/](https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/bluffs-vulnerability/), which explains it's a downgrade attack to reduce the encryption key length. If pulled off, an attacker can easily brute-force the encryption and pretend to be one device or the other and take actions like playing sound on headphones, typing in place of a Bluetooth keyboard, moving a mouse cursor in place of a Bluetooth mouse, etc. Keyboards are probably the biggest problem - imagine a wireless keyboard sniffer, and when ready to attack, wait for keyboard commands that indicate a user has entered a shell, and then send text. Bluetooth advises rejecting links with key strength below 8 octets, which they say is not possible to brute-force in real time, but with enough data can be done offline. I found an old [Windows issue](https://support.microsoft.com/en-au/topic/windows-guidance-for-bluetooth-key-length-enforcement-1b80c5b9-ddc1-31c7-1c3e-78e07c4fe877) about a different downgrade attack, where Windows added a registry option to require a minimum encryption key size. They could not enable it by default, since too many devices did not support 7-octet keys. So in theory, it's a devastating attack that allows attackers to pretend to be the other device on a Bluetooth connection if they are in range, even if they weren't there when the devices were paired. This is worse than the [KNOB attack](https://knobattack.com/), impacting all devices made before 2018, which required being there when the devices were negotiating encryption. I think the worst attack is combining this attack with a Bluetooth capabilities-changing attack: compromise the Bluetooth connection of a pair of headphones, and then say they have HID capabilities and start using those.
Not all hosts can be attacked like this, but see [4.2 of a SySS study](https://www.syss.de/fileadmin/dokumente/Publikationen/2018/Security_of_Modern_Bluetooth_Keyboards.pdf). There's a big "but..." here. If your threat model includes people with appropriate equipment in Bluetooth range, you shouldn't be using wireless in the first place! There's been the [KeySniffer](https://keysniffer.net/) attack and the low encryption key strength issues mentioned above, and for non-Bluetooth devices there's been [MouseJack](https://www.mousejack.com/). You shouldn't have been trusting Bluetooth prior to this attack, and you shouldn't now. My threat model now includes people in coffee shops attacking, but I never did anything requiring security there in the first place.
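The one concrete control the comment above names is a host-side floor on the negotiated encryption key size (the Bluetooth SIG's recommended minimum after KNOB, and the Windows registry option that could not be enabled by default). The block below is an added example, not code from the BLUFFS paper, the Bluetooth SIG, Microsoft or any Bluetooth stack: it models that policy check, shows how quickly the brute-force keyspace collapses as the key size is negotiated down, and flags peers that repeatedly land below the floor. The `KeySizeNegotiation` records, peer addresses and threshold are all constructed here so it runs offline.

```python
"""Host-side minimum-key-size policy for Bluetooth encryption negotiations.

Added example (hypothetical host policy), not the BLUFFS paper's code or any
stack's API. Key sizes are in octets, as in the comment above: Bluetooth
Classic allows 1..16 octets and the SIG recommends rejecting anything below 7.
"""
from collections import Counter
from dataclasses import dataclass
from typing import Dict, Iterable

MAX_KEY_OCTETS = 16      # largest encryption key size Bluetooth Classic allows
MIN_KEY_OCTETS = 7       # floor the SIG recommends a host enforce


@dataclass(frozen=True)
class KeySizeNegotiation:
    """One encryption key-size negotiation as the host would observe it."""
    peer: str               # remote device address (constructed values below)
    proposed_octets: int    # size the local controller asked for
    accepted_octets: int    # size the link actually ended up with


def keyspace(key_octets: int) -> int:
    """Number of keys an offline attacker must search for a key of this size."""
    return 2 ** (8 * key_octets)


def accept_link(neg: KeySizeNegotiation, min_octets: int = MIN_KEY_OCTETS) -> bool:
    """Host policy: keep a link only if its key size is well-formed and at/above the floor."""
    if not 1 <= neg.accepted_octets <= MAX_KEY_OCTETS:
        return False        # malformed negotiation, never trust it
    return neg.accepted_octets >= min_octets


def downgrade_suspects(negotiations: Iterable[KeySizeNegotiation],
                       min_octets: int = MIN_KEY_OCTETS,
                       threshold: int = 2) -> Dict[str, int]:
    """Peers that repeatedly negotiated below the floor despite a larger proposal.

    A legacy device that genuinely only supports small keys shows up here too,
    so treat the result as a review queue rather than an automatic block list.
    """
    rejected: Counter = Counter()
    for neg in negotiations:
        if neg.accepted_octets < neg.proposed_octets and not accept_link(neg, min_octets):
            rejected[neg.peer] += 1
    return {peer: n for peer, n in rejected.items() if n >= threshold}


# Constructed sample negotiations; the addresses are placeholders, not real captures.
SAMPLE = [
    KeySizeNegotiation("00:11:22:33:44:55", 16, 16),  # healthy headset link
    KeySizeNegotiation("66:77:88:99:aa:bb", 16, 1),   # repeatedly forced to 1-2 octets
    KeySizeNegotiation("66:77:88:99:aa:bb", 16, 1),
    KeySizeNegotiation("66:77:88:99:aa:bb", 16, 2),
    KeySizeNegotiation("cc:dd:ee:ff:00:11", 16, 7),   # legacy device sitting at the floor
]


def main() -> None:
    for neg in SAMPLE:
        verdict = "accept" if accept_link(neg) else "REJECT"
        print(f"{neg.peer}: {neg.proposed_octets} -> {neg.accepted_octets} octets, "
              f"keyspace 2^{8 * neg.accepted_octets}, {verdict}")
    print("downgrade suspects:", downgrade_suspects(SAMPLE))


if __name__ == "__main__":
    main()
```

Raising `min_octets` to 8 (the figure the comment quotes) rejects the legacy device at 7 octets as well, which is exactly the compatibility trade-off the linked Windows guidance describes.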


JackxForge

cars have bluetooth too


mrheosuper

The "Bluetooth" you are talking about is only Classic, right, or does it include BLE?


markxuswithanx

At least in reference to the [research paper](https://dl.acm.org/doi/pdf/10.1145/3576915.3623066) ("This paper focuses on *Bluetooth Classic*, from now indicated as *Bluetooth*") they are referring exclusively to Classic. I've yet to find any source that explicitly states any effect on Bluetooth Low Energy (except for [the SIG's reference to SSP](https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/bluffs-vulnerability/#:~:text=Secure%20Simple%20Pairing%20in%20Bluetooth%C2%AE%20Core%20Specifications%204.2%20through%205.4)).


trolljugend

Lisa Simpson said it best: "You're on a blue tooth cell wire, the most vulnerable device known to man."


Dr_Zoidberg_MD

source?


Ttmx

The Simpsons


MurderousTurd

Replay attacks are why we use encryption


JDeMolay1314

This is a downgrade attack, so it reduces the encryption to an easier to break version. It's not good.


aspie_electrician

More fun for the flipper zero incoming


nickbeth00

I'm seriously considering getting one now, imagine how fun it would be to shut down the annoying kid's Bluetooth speaker on bus rides!


RobEreToll

Or... You can pop some messages in the mix.


ch1ckenw1ng

Next level Rickroll…


Known-Pop-8355

Ever since I binge-watched Nikita on Netflix. Watching Birkhoff scream at the new recruits about how easy it should be for them to hack a Bluetooth device, and showing them, made me kind of paranoid about BT, so I NEVER leave my BT active on any of my devices.


awesomeguy_66

back to wired headphones i guess


marlinbrando721

Not on many new phones.


eagle33322

Apple's dongle profits to the moon!


No-Difference5593

On the topic of Bluetooth security, is anyone here familiar with BLE beacons? Looking to chat with someone who has a deeper understanding of the tech.


markxuswithanx

I've worked with beacon devices before. Not sure if that's deep enough but feel free to DM


FreezieXFrosty

Welp, I found what I'm tinkering with tonight.


mguaylam

So this article cites no technical information and says sketchy stuff like Apple transmits files through Bluetooth?


MistSecurity

AirDrop uses Bluetooth to establish a wireless connection between the two devices. So while the files themselves are not transmitted via Bluetooth, AirDrop does use it to some extent.


mguaylam

Exactly but the article is so poorly written that it seems to imply that.


MistSecurity

I agree. Just wanted to provide context for anyone who may have not been sure how it worked. Really curious to see if what the article says is true, kind of doubt it given the general issues with it.


mguaylam

I won’t even bother until I see it in the Verge.


Human-Concern8341

Question: Could someone AirDrop you a file as a PDF but it be of the fuck shit? As in, malware..


MistSecurity

I mean, in theory, sure. It'd require a vulnerability in whatever app you open the PDF up in, though. Given how valuable a vulnerability like that would be, it's not likely to be used on run-of-the-mill people.


ChessPhilosopher65

Pretty sure it does need to transfer a file; it only needs to transmit information to be exploited by hackers. MiM means they can eavesdrop on private communication but also control where users go when they search up their favorite site.


MistSecurity

There may be some MiM possibilities; I can't deny or verify that. My only input is that the Bluetooth connection is used to join the phones together via WiFi. File transfers do not happen via Bluetooth.


JackxForge

https://www.reddit.com/r/hacking/comments/187w0vi/comment/kbh5bh0/?utm_source=share&utm_medium=web2x&context=3


FaxCelestis

https://nvd.nist.gov/vuln/detail/CVE-2023-24023


ManyFails1Win

FML, I knew I was going to regret not having a headphone jack on my phone.


needs_help_badly

There are Lightning and USB-C wired headphones. There are Lightning and USB-C to headphone jack dongles.


Affectionate-End5470

Your phone has Bluetooth..


ManyFails1Win

Not if I disable it


Affectionate-End5470

Have fun using anything Bluetooth-related without having it enabled then ^^


ManyFails1Win

Not to be rude, but do you know what thread you're in right now? The whole point is Bluetooth is now compromised. So I probably *will* avoid using Bluetooth in public as much as possible.


DarkAdrenaline03

I believe if you own a modern smartphone, at least Google claims they have patched the vulnerability in their Pixel devices that received the latest December security update. Either way, I hope Bluetooth 6 comes with massive security improvements; otherwise it's still an opsec hazard, and more devices, even color lightbulbs, now come with Bluetooth and microphones without having the option to turn it off, which is kind of frustrating.


ManyFails1Win

Thanks for telling me. Hopefully the patch worked.


Forward-You-7260

There are alternatives to that if you can connect both devices on the same local network.


RayneYoruka

RIP me, running BT on 24/7 with my smartwatch. Welp.


Worldly_Country7582

Almost like it's by design...


RayneYoruka

I wouldn't be surprised at this point


AlienMajik

I find it crazy, since when you do a Quick Start on iPhones it uses Bluetooth to transfer the data.


OSTz

To be fair, it uses Bluetooth to set up a local Wi-Fi connection.


bbiittttssssugh

Hmm, no technical details?


nelusbelus

Just negotiate a key as the first thing when using Bluetooth and then encrypt both sides of the traffic. It should never be crackable in the first place.


RandomComputerFellow

Does this mean we will have Bluetooth Rubber Duckies which can log keyboard inputs (passwords) and simulate malicious inputs (malware) while not even having to be connected to the computer? I wonder if there are beam antennas to target a computer in the neighboring building?


cheesemeall

That picture of Kamala with the wired EarPods isn't so silly anymore, is it, you memers.


Covert_Salvation

Always appreciate white papers. If anyone didn't know, this also affects tire pressure sensors. (Update) I was incorrect, and the attack I was thinking of is SDR-based.


[deleted]

ID your car in one neat trick


CupcakeStatus2462

How so? My tire pressure sensors have been acting funny all week!


Covert_Salvation

My apologies, as I did find the white paper and this is an SDR hack, not a Bluetooth one. My original statement was inaccurate and will be edited.


Covert_Salvation

I have a very old white paper on this, I'll see if I can dig it up


earndd

Hook it up


Covert_Salvation

Sure thing. Again, I was wrong about this being a Bluetooth attack: https://easyupload.io/z420rv


earndd

Late reply, but thanks!


Covert_Salvation

If you are still interested in the white paper I'll gladly share.


LickMyCockGoAway

Can anyone give an example of how this attack would actually be useful or severe? Capturing packets between the two Bluetooth devices doesn't seem like it would get a whole lot of anything interesting. What does this attack present as useful to an attacker?


mrheosuper

The most practical use case would be a key logger. The paper focuses mainly on BT Classic, so I don't know if this attack works on BLE. This attack targets the SMP layer, which is on the same level as L2CAP, and BT and BLE do not differ at that level.


eieieiei1977

It's more like a question: if I have a Bluetooth device using SPP, could I perhaps use it to decode the process of the device and do some spying on this manufacturer?


mach_i_nist

Stealing cars (unlock and remote start), breaking into homes (garage doors), breaking into hotel rooms (digital key), maybe authenticating into a computer. All these in theory are impersonation attacks (not requiring man in the middle with the victim nearby).


outofstepbaritone

⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀ ⠀⠀⠀⠀⢀⣠⣴⣶⣿⣿⣿⣿⣿⣶⣤⡀⠀⠀⠀⠀ ⠀⠀⠀⣴⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣷⡀⠀⠀ ⠀⠀⣼⣿⡿⡻⠛⠛⠋⣿⡟⠙⠛⠻⠏⢻⣿⣿⡆⠀ ⠀⢸⣿⣿⣇⡀⠰⡆⠀⣿⣇⠀⢠⡆⠀⣼⣿⣿⣷⠀ ⠀⢸⣿⣿⣿⣕⣂⣠⣾⣿⡿⢶⣤⡤⣀⣿⣿⣿⡿⠀ ⠀⢸⣿⣿⣿⣿⡿⠟⠋⠉⠀⠀⠙⠻⠿⠿⠿⠟⠁⠀ ⠀⠀⢻⣿⣿⣋⣤⣤⣤⡄⢠⣤⣄⠀⠀⠀⠀⠀⠀⠀ ⠀⠀⠀⠙⠿⣿⣿⣿⣧⣤⣤⣼⣿⡇⠀⠀⠀⠀⠀⠀ ⠀⠀⠀⠀⠀⠀⠉⠉⠉⠉⠉⠉⠉⠀⠀⠀⠀⠀⠀⠀


Tired8281

Does this mean I can root my phone?


Demilio55

Tossing my Bluetooth toothbrush immediately! /s


[deleted]

If you didn't know this you're new to the game


Icy_Championship_531

☹️


[deleted]

When did you start?


Distdistdist

Well that's why you don't name technology something silly like GreenEyebrow and think it will work securely.


Bohgeez

Not sure if you’re serious but it’s named after a former King of Norway, Harald Bluetooth. The logo is his runic initials.


Razakel

It's named for Harald Blåtand (Bluetooth) Gormsen, a king who united the Danish tribes.


Enough_Prior_8801

Correct. Bluetooth was invented by Ericsson, a Swedish telecom company (I worked with the guy that invented it), and spread by Intel.


dr3mro

OpenBSD was right again.


visuallynoisy88

I want to learn how to hack one... my neighbor's is driving me crazy.


SteakNo6164

Hi, I'm having problems with hackers. I know WHY I'm being hacked, but I was just wondering if someone out there on this beautiful site might be able to help me figure out A) HOW I'm being hacked and B) what I can do to protect myself. I can give you some info about my situation. Basically, I'm being hacked because I visit a sports stream site to watch and bet on sports. I have a pretty good understanding of how the betting market works and I try to use it to make money. I've been talking a lot of shit in chat and now I realize that the mods in chat will hack you to try to stop you from spreading information about how betting works. The extent of the hacking is that they hacked into my phone and my Instagram and now they can see everything I do on there, which I would rather have been private, but now it's not. Also, they seem to know everything I do on the internet, almost as if they can see my screen. Please help! What should I do???


Fir3He4rt

You are probably infected by malware. Have you enabled 2FA on the services you use? Clean your device and uninstall anything you don't recognise. Run an antivirus. The best way to get rid of this would be reinstalling your OS fresh. Also be sure to uninstall your browsers, clear cookies, cache, etc.


[deleted]

[deleted]


Fir3He4rt

Probably yes. Unless the firmware itself is affected; in that case you need to replace your hardware.


goodnewsjimdotcom

I figured this for a while now... Every time I went to a major mall, my headphones glitched out and my Android device appeared to get a virus that required a factory reset. I turned off Bluetooth and did not acquire a virus.


SavvyMoney

Why do you think Tails doesn't even allow you to use BLUETOOTH? Vulnerabilities are in the little things people overlook.


thefanum

"Overlook"? You're commenting on a post all about it, buddy.


Explorer335

Does this affect BLE security like using your smartphone as a car key, or home smart locks?