
> Once the attacker has paired with the target phone or computer

A small detail, though, the target device has to accept the connection. Once someone lets you in his house, you can steal his silver, yes.



> The vulnerabilities work by tricking the Bluetooth host state-machine into pairing with a fake keyboard without user-confirmation.


Is it possible to pair a keyboard device to Android without confirmation?


It's apparently a feature of ancient Bluetooth


If the vulnerability author is to be believed, yes.


Yes, I am reading the title, which says 'Bluetooth keystroke-injection', which is concerning on one level, but in fact the article talks about authenticating a device without user interaction, which seems way more serious to me.

However, it also mentions

> stay tuned for Part 2: More Vulnerabilities

so I guess we'll see.


How in the world is this a CVSS 8.8 if this is the case? What a waste of everyone's time if this is true.


Ctrl+alt+t (insert malicious shell command)


That is only part of the CVSS scoring system. Not only do you need near-physical access (i.e. not open to the internet, already drops the rating significantly), it requires the victim to interact with a suspicious prompt, which basically drops it to the level of a phishing email (i.e. not CVSS 8.8).


No victim operation is needed, just type it with an automated pseudo-HID device.


Ok, but any reasonable threat model has assumed forever that physical access to the machine is essentially game over regardless.

Or to put it another way... who cares about that when the adversary is in position to just do a snatch and grab of the whole device?


This is an automatic Bluetooth pairing attack. With the right equipment (which can be as simple as a Pringles can and an antenna aimed through a window) you can execute this attack from a hundred meters away. That's not physical access.


Wireless protocols don't count as physical access, since I can perform the attack from a car outside your house.


Even more scary: (launch child porn web site)


People are silly about security. Has your social media not been flooded with oldsters circulating that copypasta about how iOS contact sharing is going to let thieves "STEAL YOUR INFO!!1?!111"?


So you are saying this is not true? You mean they got Google to react to a made-up vulnerability? Did you even read the text?


They’re not talking about this. They’re talking about the NameDrop feature added in iOS 17. The one with multiple confirmation steps, while the Facebook memes talk like hackers can steal your info from long range with no intervention.

https://www.snopes.com/fact-check/iphone-namedrop-warning/


Ah thanks for the context



