Marc Newlin, a software engineer at SkySafe, has identified critical vulnerabilities in the Bluetooth functionality of widely used operating systems including macOS, iOS, Android, and Linux. This discovery highlights a potential risk for millions of users globally, who rely on these platforms for both personal and professional use.
The vulnerabilities discovered by Newlin allow attackers to bypass the Bluetooth authentication process on target devices. This means that an unauthorized user could potentially connect to a device without the owner’s knowledge or consent. The simplicity of the attack method is particularly alarming — it only requires a standard Linux computer equipped with a conventional Bluetooth adapter.
The scope of this security flaw is extensive, affecting various versions of macOS, iOS, Linux, and Android. This includes Android versions that have been in use for the past eleven years. The attack, registered under CVE-2023-45866, has different prerequisites across operating systems. For instance, on Android, the Bluetooth interface merely needs to be active. In contrast, on iOS and macOS, the attack reportedly only works if a Magic Keyboard is paired. Linux systems are vulnerable when the Bluetooth interface is active and visible to other devices.
While patches for these vulnerabilities have been developed, their implementation presents a challenge. For Linux systems, an effective patch has been available since 2020 but is often not enabled by default. Google has released a patch for Android versions 11 to 14, but the update’s reach to all end-users is a gradual process. Apple has confirmed the vulnerabilities but has not yet announced a specific timeline for releasing patches for iOS and macOS.
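For the Linux case, the check below assumes the 2020 fix is BlueZ's `ClassicBondedOnly` option in the `[General]` section of `/etc/bluetooth/input.conf`; the article does not name the setting. It is an added example, not part of the original article, and reports whether the option is actually in effect, treating a commented-out line as unset.

```shell
#!/bin/sh
# Added example: audit a BlueZ input.conf for the ClassicBondedOnly option.
# Assumption: this option is the Linux fix the article refers to.

# Prints one of: enabled | disabled | unset | invalid | missing
classic_bonded_only_state() {
    conf="$1"
    [ -r "$conf" ] || { echo missing; return 0; }
    # Key-file rules: '#' starts a comment, keys belong to the most recent
    # [Group] header, and the last assignment of a key wins.
    value=$(awk '
        /^[ \t]*#/ { next }
        /^[ \t]*\[/ { in_general = ($0 ~ /^[ \t]*\[General\]/); next }
        in_general && /^[ \t]*ClassicBondedOnly[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, "")
            sub(/[ \t\r]+$/, "")
            v = $0
        }
        END { print v }
    ' "$conf")
    case "$value" in
        true|1)  echo enabled ;;
        false|0) echo disabled ;;
        "")      echo unset ;;
        *)       echo invalid ;;
    esac
}

# Report the state of the system-wide file (or a path given as $1).
classic_bonded_only_state "${1:-/etc/bluetooth/input.conf}"
```

A result of `unset` means the compiled-in default of the installed BlueZ build applies, so the BlueZ version has to be checked as well.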
Adding to the gravity of the situation is the recent introduction of BLUFFS (Bluetooth Low Energy security Flaws and Fixes), a set of Bluetooth attack techniques. These techniques can compromise encrypted Bluetooth traffic, allowing attackers to manipulate data in real-time.