• Security researchers have discovered new Bluetooth security flaws that allow hackers to impersonate devices and perform man-in-the-middle attacks.

  • The vulnerabilities impact all devices with Bluetooth 4.2 through Bluetooth 5.4, including laptops, PCs, smartphones, tablets, and others.

  • Users can do nothing at the moment to fix the vulnerabilities, and the solution requires device manufacturers to make changes to the security mechanisms used by the technology.

Research paper: https://dl.acm.org/doi/pdf/10.1145/3576915.3623066

Github: https://github.com/francozappa/bluffs

CVE: https://nvd.nist.gov/vuln/detail/CVE-2023-24023

      • arandomthought
        link
        fedilink
        arrow-up
        13
        ·
        1 year ago

        It’s such an apple thing to do. “Alright, you want to turn off Bluetooth, okay. But we think it’s better to have it on, and we know better, so, you know: Tomorrow’s another day.” At that point I don’t own my device, I’m hostage negotiating with it.

        • hemmes@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          You can goto Settings and turn off Bluetooth completely. It’s one of the first options in Settings.

      • anewbeginning@lemmy.world
        link
        fedilink
        arrow-up
        2
        ·
        1 year ago

        I have a shortcut setup to turn it off and have the 3 tap on the back gesture to activate it. It’s always off unless I need it.

    • bless@lemmy.worldOP
      link
      fedilink
      arrow-up
      11
      arrow-down
      1
      ·
      1 year ago

      Haha I like the spirit but that’s not really a fix that’s just avoidance.

    • DogMuffins@discuss.tchncs.de
      link
      fedilink
      English
      arrow-up
      10
      arrow-down
      2
      ·
      1 year ago

      Sure mate, do you ever take your car out of the garage or do you just leave it there in case it breaks down on the way to the shops?

      I use Bluetooth devices with my phone all day every day. Car, headphones, watch, laptop, speakers. It’s fine if you don’t, but surely you can recognise that leaving bluetooth on for most people is about functionality rather than mere laziness.

      That said, I’m not at all surprised that a vulnerability exists. Consumer tech just isn’t built to be resilient in that way.

    • squiblet@kbin.social
      link
      fedilink
      arrow-up
      4
      arrow-down
      1
      ·
      1 year ago

      That would be nice. Personally I have two medical devices that have to be constantly connected to my phone via Bluetooth.

    • TimLovesTech (AuDHD)(he/him)@badatbeing.social
      link
      fedilink
      English
      arrow-up
      2
      arrow-down
      1
      ·
      1 year ago

      That in theory works, if you don’t have to listen to music, use a smartwatch, own a wireless keyboard/mouse/headphones, etc. It’s in everything, and somethings lose all functionality w/out it.

    • Squeak@lemmy.world
      link
      fedilink
      arrow-up
      2
      arrow-down
      1
      ·
      1 year ago

      That’s like Steve jobs saying ‘you’re holding it wrong’ about the iPhone 4…

    • ramble81@lemm.ee
      link
      fedilink
      arrow-up
      1
      arrow-down
      1
      ·
      1 year ago

      Sure, but I’d like to listen to music… no wait, there’s no longer a 3.5mm jack. Okay, I want to get some information or a call in my car… no wait, there are hands free laws where I can’t hold my phone. Okay, let me check my watch for notifications…. no wait, it can’t connect to my phone now.