• Security researchers have discovered new Bluetooth security flaws that allow hackers to impersonate devices and perform man-in-the-middle attacks.

• The vulnerabilities impact all devices with Bluetooth 4.2 through Bluetooth 5.4, including laptops, PCs, smartphones, tablets, and others.

• Users can do nothing at the moment to fix the vulnerabilities, and the solution requires device manufacturers to make changes to the security mechanisms used by the technology.

Research paper: https://dl.acm.org/doi/pdf/10.1145/3576915.3623066

GitHub: https://github.com/francozappa/bluffs

CVE: https://nvd.nist.gov/vuln/detail/CVE-2023-24023

    • NoneYa@lemm.ee
      7 months ago

      Companies like Apple make that difficult by making the widget only disable it for the day, and then the shit re-enables itself the next day.

      That’s where most users will go to turn off their Bluetooth radio on an iPhone, but the true way to do this is in the Settings app, but you can’t blame users for not knowing that.

      • arandomthought@sh.itjust.works
        7 months ago

        It’s such an Apple thing to do. “Alright, you want to turn off Bluetooth, okay. But we think it’s better to have it on, and we know better, so, you know: Tomorrow’s another day.” At that point I don’t own my device, I’m hostage negotiating with it.

        • hemmes@lemmy.world
          7 months ago

          You can go to Settings and turn off Bluetooth completely. It’s one of the first options in Settings.

      • anewbeginning@lemmy.world
        7 months ago

        I have a shortcut set up to turn it off and have the 3 tap on the back gesture to activate it. It’s always off unless I need it.

        • NoneYa@lemm.ee
          7 months ago

          I did this too, but via Siri. Asking her to “disable WiFi” permanently turns it off because of the shortcut I created.

    • bless@lemmy.worldOP
      7 months ago

      Haha I like the spirit but that’s not really a fix that’s just avoidance.

    • DogMuffins@discuss.tchncs.de
      7 months ago

      Sure mate, do you ever take your car out of the garage or do you just leave it there in case it breaks down on the way to the shops?

      I use Bluetooth devices with my phone all day every day. Car, headphones, watch, laptop, speakers. It’s fine if you don’t, but surely you can recognise that leaving bluetooth on for most people is about functionality rather than mere laziness.

      That said, I’m not at all surprised that a vulnerability exists. Consumer tech just isn’t built to be resilient in that way.

    • squiblet@kbin.social
      7 months ago

      That would be nice. Personally I have two medical devices that have to be constantly connected to my phone via Bluetooth.

    • Squeak@lemmy.world
      7 months ago

      That’s like Steve Jobs saying ‘you’re holding it wrong’ about the iPhone 4…

    • TimLovesTech (AuDHD)(he/him)@badatbeing.social
      7 months ago

      That in theory works, if you don’t have to listen to music, use a smartwatch, own a wireless keyboard/mouse/headphones, etc. It’s in everything, and some things lose all functionality w/out it.

    • ramble81@lemm.ee
      7 months ago

      Sure, but I’d like to listen to music… no wait, there’s no longer a 3.5mm jack. Okay, I want to get some information or a call in my car… no wait, there are hands free laws where I can’t hold my phone. Okay, let me check my watch for notifications…. no wait, it can’t connect to my phone now.