Published: April 30, 2024 in our Security Fraud News & Alerts Newsletter.
A vulnerability involving Bluetooth keyboards exposes operating systems to device takeover. Android, Apple, and Linux operating systems are in the crosshairs thanks to the flaw, and fixes are being released for all three. What you need to know can help save you from a weakness no one saw coming for nearly 20 years.
Security researcher Marc Newlin discovered the bug can lead to remote takeovers of devices. It involves using a fake Bluetooth keyboard to sidestep operating system user verification. This allows an attacker to take control of devices running on the three major operating systems as if they were the legitimate user. Since an attacker needs to be near the victim for it to work, it rules out attacks on a mass scale. But security professionals warn it can still be used for very specialized targeting.
OS Vulnerabilities
Android OS: This flaw is exploitable whenever Bluetooth is enabled. An attacker inserts keystrokes and mimics the victim's keyboard even when the lock screen is enabled.
Linux OS: These devices are exploited similarly to Android when Bluetooth is enabled and connected. The attacker's keyboard is paired and matched without the user’s verification.
Mac OS: Flaws are exploited when Bluetooth is enabled and a phone or computer is paired with a Magic Keyboard.
Ditching the messy wires and connections for Bluetooth is great, but as with many technology benefits, a cybercriminal may be lurking right around the corner. Fortunately, this OS vulnerability was found by one of the good guys. The cyber-smart thing to do is keep your software and hardware patched with the latest updates because you never know when they'll be needed. And remember to lock your computers and devices when you’re not using them or are away from them.