Security News

Many wireless headsets using Bluetooth technology have vulnerabilities that may allow malicious individuals to covertly listen in on private conversations, Tarlogic Security researchers have demonstrated last week at RootedCON in Madrid. "Many of the examples presented during the conference were real tests on devices that attendees - most of them cybersecurity experts - were carrying with them," they told Help Net Security.

Microsoft released the January 2024 preview update for Windows 11 versions 22H2 and 23H2, which comes with Bluetooth audio bug fixes and addresses 24 known issues. Tracked as KB5034204, this monthly non-security optional cumulative update will enable Windows admins to test improvements and fixes that will be pushed to all customers with the forthcoming February 2024 Patch Tuesday release.

A new Python project called 'Wall of Flippers' detects Bluetooth spam attacks launched by Flipper Zero and Android devices. The ability to launch Bluetooth LE spam attacks using the Flipper Zero portable wireless pen-testing and hacking tool was first demonstrated in September 2023 by security researcher 'Techryptic.

About Bruce Schneier I am a public-interest technologist, working at the intersection of security, technology, and people. I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

A critical Bluetooth security flaw could be exploited by threat actors to take control of Android, Linux, macOS and iOS devices. Tracked as CVE-2023-45866, the issue relates to a case of...

A years-old Bluetooth authentication bypass vulnerability allows miscreants to connect to Apple, Android and Linux devices and inject keystrokes to run arbitrary commands, according to a software engineer at drone technology firm SkySafe. The bug, tracked as CVE-2023-45866, doesn't require any special hardware to exploit, and the attack can be pulled off from a Linux machine using a regular Bluetooth adapter, says Marc Newlin, who found the flaw and reported it to Apple, Google, Canonical, and Bluetooth SIG. Newlin says he'll provide vulnerability details and proof-of-concept code at an upcoming conference but wants to hold off until everything is patched.

New research has unearthed multiple novel attacks that break Bluetooth Classic's forward secrecy and future secrecy guarantees, resulting in adversary-in-the-middle (AitM) scenarios between two...

The attacks force the creation of weak session keys, which are used when paired Bluetooth devices try to establish a secure communication channel. Weak keys can be easily broken, allowing the eavesdropper to hijack sessions and snoop on victims' conversations, data, and activities carried out over Bluetooth.

Researchers at Eurecom have developed six new attacks collectively named 'BLUFFS' that can break the secrecy of Bluetooth sessions, allowing for device impersonation and man-in-the-middle attacks. BLUFFS is a series of exploits targeting Bluetooth, aiming to break Bluetooth sessions' forward and future secrecy, compromising the confidentiality of past and future communications between devices.

Recent Flipper Zero Bluetooth spam attacks have now been ported to an Android app, allowing a much larger number of devices to implement these annoying spam alerts. Inspired by previous research on the topic and Flipper Zero applets targeting iOS devices, and later Android and Windows, software developer Simon Dankelmann developed an Android app capable of the same Bluetooth spam.