Researcher Uncovers Critical Bluetooth Vulnerabilities Impacting Versions 4.2 to 5.4

Discussion in 'Frontpage news' started by Hilbert Hagedoorn, Dec 1, 2023.

  1. Hilbert Hagedoorn

    Hilbert Hagedoorn Don Vito Corleone Staff Member

    Messages:
    49,112
    Likes Received:
    19,974
    GPU:
    AMD | NVIDIA
    fantaskarsef likes this.
  2. Kaarme

    Kaarme Ancient Guru

    Messages:
    3,543
    Likes Received:
    2,379
    GPU:
    Nvidia 4070 FE
    I only keep my phone's bluetooth turned on when I need to connect my handsfree, which is quite rarely and I'm sitting in a car behind the wheel when it happens. My desktop doesn't have a bluetooth dongle. I don't need bluetooth for anything on my laptop either.

    So, in my position I could do something about it, but this ought to be more annoying for those who need to rely on bluetooth regularly and thus can't just disable it.
     
  3. fantaskarsef

    fantaskarsef Ancient Guru

    Messages:
    16,053
    Likes Received:
    9,960
    GPU:
    4090@H2O
    Honestly, today's not-tech-savvy people are who make things like this even an issue. I've literally heard a dozen times "I don't care if it's on as long as my battery isn't up until I reach the office / home".
    And at the same time complaining about getting inappropriate pics sent to the ladies on the train, bank accounts hacked, payment via phone copied...
     
    schmidtbag likes this.
  4. TheDeeGee

    TheDeeGee Ancient Guru

    Messages:
    9,877
    Likes Received:
    3,641
    GPU:
    NVIDIA RTX 4070 Ti
    Why do these jackasses make this public when there is no fix for it?
     
    schmidtbag and Airbud like this.

  5. fantaskarsef

    fantaskarsef Ancient Guru

    Messages:
    16,053
    Likes Received:
    9,960
    GPU:
    4090@H2O
    I always wondered the same. Especially with Spectre we actually were told that researchers tell (software) companies in advance, usually months or even half a year up to a year, and then publish it.
    The question is, why isn't it fixed in that time... since Spectre wasn't fixed in time either, and they were actively working on it at Microsoft before they made it public, iirc.
     
  6. Kaarme

    Kaarme Ancient Guru

    Messages:
    3,543
    Likes Received:
    2,379
    GPU:
    Nvidia 4070 FE
    It's dangerous to assume criminals are not aware of it. The worst criminals are working for certain governments with millions of budget and all the latest tools, including those you can't even buy as a civilian. At least in a case like this, if you know bluetooth isn't safe, you can turn it off. There are plenty of people who simply keep it on all the time, so that when they need it, they don't need to bother turning it on separately.
     
  7. mackintosh

    mackintosh Maha Guru

    Messages:
    1,311
    Likes Received:
    1,259
    GPU:
    .
    Those same people will never hear of this vulnerability and will continue to have Bluetooth on all the time.
     
  8. anticupidon

    anticupidon Ancient Guru

    Messages:
    7,943
    Likes Received:
    4,194
    GPU:
    Polaris/Vega/Navi
    Kali has some scary Bluetooth exploits, you would not believe. Based on those CVEs and some more.
     
    Keitosha likes this.
  9. schmidtbag

    schmidtbag Ancient Guru

    Messages:
    8,169
    Likes Received:
    4,549
    GPU:
    Asrock 7700XT
    Generally, I'd say this isn't too concerning. Where this would be the most risky is with keyboards, but most BT keyboards are used in relatively isolated environments (like someone's home or a room dedicated as an office) since it doesn't take much 2.4GHz radio noise to make BT input devices annoying to use. While BT 5.4 has a realistic range of about 40m (theoretical maximum is I think about 200m), if you have an LE device, it will adjust its power level based on signal strength. BT is typically ad-hoc, so the signal only needs to be as strong as the pair of devices require; after all, that's why it's called pairing. That means as long as you are close to the device (which you should be if you actually care about security), I'm sure anyone a few meters away wouldn't be able to get a clean signal. So for example if you were wearing earbuds connected to the phone in your pocket, I doubt someone from a couple rooms over or across the street (if you're outside) would be able to hack into your connection. But, if you were to use BT speakers that were several meters away from you, you are greatly multiplying the probability of getting your packets sniffed.

    Side note: I never understood why BT didn't use something like 47GHz. While it doesn't really need that for the sake of data density, that frequency is perfect for the sake of security. Most BT devices are expected to be used within the same room as the device they are paired to, and 47GHz is really only effective when you're in the same room.

    I can relate, all too well. It reminds me of people who use the Outlook desktop application with tens of GB of messages, complaining how the application frequently and spectacularly fails, but "I don't want to use webmail because I'm not used to it", even though Outlook itself changes its functionality over time.

    I understand the point you're trying to make but I don't share the sentiment. It makes sense that the vendors of BT-equipped devices should know about this, so they can act accordingly, but to simply share the information with everyone where there is no solution is kinda just inviting more black hats to the frenzy. The only reason why anyone other than hardware vendors and security agencies should know about these vulnerabilities is if software patches can be deployed. It's not realistically possible to contact every software developer who uses Bluetooth, so a broadcasted message makes the most sense in such a scenario.
     
    Airbud and fantaskarsef like this.
  10. fry178

    fry178 Ancient Guru

    Messages:
    2,089
    Likes Received:
    382
    GPU:
    Aorus 2080S WB
    @schmidtbag
    guess you have never used something like public transportation.
    just walk a single underground train from front to end, scanning for BT and see how many devices want to connect...

    ignoring that not everyone limits their BT use to KB or speakers.
     

  11. RealNC

    RealNC Ancient Guru

    Messages:
    5,572
    Likes Received:
    3,831
    GPU:
    4070 Ti Super
    I didn't need a researcher to tell me that my Android phone that doesn't even receive security updates anymore (because the manufacturer wants me to throw a 100% perfectly fine phone to the trash and buy a new one) is not secure, you know.
     
  12. schmidtbag

    schmidtbag Ancient Guru

    Messages:
    8,169
    Likes Received:
    4,549
    GPU:
    Asrock 7700XT
    If you're in a densely populated public environment using BT with something containing sensitive information, you don't have your priorities straight.
    They're the most common uses that may involve information that ought to be protected.
     
  13. circeseye

    circeseye Master Guru

    Messages:
    274
    Likes Received:
    11
    GPU:
    Gigabyte 6800xt oc
    from what I've seen it's not an exploit but user error/stupidity.
    walk around crowds or groups of people and just scan BT devices. the vast majority of them you can just straight connect to, and if they need a passcode, again most are 0000. and you can get full access.
    hell, I was in the camera section and was checking out its features and saw tons of connections in its BT connections. the employee saw one and said "oh, that's my manager's phone". so I connected to it and uploaded about 10k pictures that were on the camera to his phone lol
    it's actually a little scary that BT really isn't very secure because of this
     
    Kaarme likes this.
  14. umeng2002

    umeng2002 Maha Guru

    Messages:
    1,451
    Likes Received:
    361
    GPU:
    4080 Super
    Who on Earth ever thought BT was ever secure, lmao.
     
  15. fry178

    fry178 Ancient Guru

    Messages:
    2,089
    Likes Received:
    382
    GPU:
    Aorus 2080S WB
    @schmidtbag
    doesn't matter to me (personally).
    but it shouldn't be limiting the use for something/require the consumer to be the "solution"

    consumers should expect it to be "secure" for normal use, the same way you assume the door lock you purchased is "safe" to use,
    and not all units coming with the "same key", allowing a neighbor (with the same lock) to unlock your door.
     

  16. schmidtbag

    schmidtbag Ancient Guru

    Messages:
    8,169
    Likes Received:
    4,549
    GPU:
    Asrock 7700XT
    Hate to break it to you but the vast majority of door locks can be easily picked by the average person with a little bit of practice. It doesn't take Lock Picking Lawyer to do it either - if someone wants to actually break into your house, they're going to do it if you're not spending an exorbitant amount on security. For some locks, they're so easy to pick they might as well come with the same key.
    It's actually worse with cars in some cases, because many ignitions can be triggered just by simply hammering a flathead screwdriver into it, and many remote key fobs can be almost effortlessly emulated (especially if you drive a modern Hyundai apparently).

    Ultimately though, the point that really matters here is if you care at all about security, you minimize your exposure and keep a low profile. It's no different than using a subway of any major city - if you come across as having money, oblivious to your surroundings, and unarmed, you're probably seen as an easy target to get mugged. It doesn't matter if you have $1 or $10000 in your pocket: you are making your status known. So, if the average person knows they need to blend in and pretend they're capable of fending off a mugger (even if they really aren't), they should know better about their phone security. For seemingly most people, nearly their whole lives are tied to their phone, yet they're not very protective of it. I always found that to be pretty strange.
     
    Keitosha, HandR and anticupidon like this.
  17. Alessio1989

    Alessio1989 Ancient Guru

    Messages:
    3,003
    Likes Received:
    1,271
    GPU:
    .
    it was never designed to be secure.. and to be really reliable at all.. basically it was designed to be cheap to implement and not caring about security and performance. It wasn't designed to make it easy to use at all xD
     
  18. fry178

    fry178 Ancient Guru

    Messages:
    2,089
    Likes Received:
    382
    GPU:
    Aorus 2080S WB
    @schmidtbag
    probably if you shop by price.
    have yet to see where I can't get a pick-safe lock for less than 30% more than the cheapest one,
    and I can remember even back in the late 70s we had those.

    and those that show their "status", they have it coming for them, but that shouldn't mean
    I can't use something without increased risk; wifi is getting there, so it's not impossible.

    different brands doing this kind of design..

    https://drive.google.com/file/d/1sD-yofvmNiNIJji_t4tiQBjuM788jDSX/view?usp=sharing
     