Hi hackers, welcome back to my new blog post. In this post we will learn how hackers can hack your phone using Bluetooth, and how a Bluetooth vulnerability can be used to hack Android devices. So without wasting your time, let's start.
CVE-2023-45866 New Android Vulnerability
CVE-2023-45866 is a severe security flaw in Bluetooth, classified under "Improper Authentication" (CWE-287), and carrying a high CVSS score of 8.8. This critical vulnerability allows remote escalation of privileges without additional execution privileges or user interaction. In practical terms, it means an attacker could gain higher-level access to a device or network, similar to that of an authorized user, without needing any additional permissions or user interaction.
Impact on Operating Systems
The CVE-2023-45866 Bluetooth flaw presents a significant threat to a range of widely used operating systems, namely Android, Linux, Windows, macOS, and iOS. This wide-ranging impact makes it a critical concern for users and organizations alike, as these systems form the backbone of countless computing devices worldwide. The vulnerability's ability to cross platform boundaries signifies a broad security risk.
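A defensive check for Linux hosts, added here as an example and not part of the original post or the BlueDucky repository: BlueZ's `ClassicBondedOnly` option in `/etc/bluetooth/input.conf` controls whether unbonded classic Bluetooth devices may open HID connections, which is the behaviour this flaw abuses. The option and path come from BlueZ, not from this post, and the sample files are constructed.

```python
import configparser
from pathlib import Path

INPUT_CONF = Path("/etc/bluetooth/input.conf")  # standard BlueZ location

# Constructed sample files, not taken from any real host.
SAMPLE_EXPOSED = "[General]\n#IdleTimeout=30\nClassicBondedOnly=false\n"
SAMPLE_HARDENED = "[General]\nClassicBondedOnly=true\n"
SAMPLE_UNSET = "# defaults only\n[General]\n#ClassicBondedOnly=true\n"


def classic_bonded_only(conf_text):
    """Return True/False when the key is set explicitly, else None."""
    parser = configparser.ConfigParser(strict=False)
    parser.optionxform = str  # BlueZ key names are case-sensitive
    try:
        parser.read_string(conf_text)
        if not parser.has_option("General", "ClassicBondedOnly"):
            return None
        return parser.getboolean("General", "ClassicBondedOnly")
    except (configparser.Error, ValueError):
        return None  # unparsable file or non-boolean value


def assess(conf_text):
    """Map the setting to a finding for CVE-2023-45866 exposure."""
    value = classic_bonded_only(conf_text)
    if value is True:
        return "hardened: HID connections require an existing bond"
    if value is False:
        return "exposed: unbonded devices may open HID connections"
    return "unset: result depends on the BlueZ version's built-in default"


if __name__ == "__main__":
    if INPUT_CONF.exists():
        print(INPUT_CONF, "->", assess(INPUT_CONF.read_text()))
    else:
        print("no input.conf found; running on constructed samples")
        for sample in (SAMPLE_EXPOSED, SAMPLE_HARDENED, SAMPLE_UNSET):
            print(assess(sample))
```

An "unset" result means the installed BlueZ package version decides the behaviour, so confirm that the distribution's patched package is installed.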
Let's Test How This Actually Works
The Discovery by Marc Newlin
The great Marc Newlin, a software engineer at SkySafe, identified this years-old Bluetooth authentication bypass vulnerability. His findings revealed that the exploit could be executed from a Linux machine using a standard Bluetooth adapter, without the need for any special hardware. Newlin responsibly reported this flaw to major stakeholders, including Apple, Google, Canonical, and the Bluetooth Special Interest Group (SIG).
Interestingly, CVE-2023-45866 is not Newlin's first significant discovery in the realm of Bluetooth security. He previously identified a similar set of flaws in 2016, known as "MouseJack", which exploited keystroke-injection vulnerabilities in wireless mice and keyboards. Newlin's consistent contributions highlight his expertise and vigilance in the field of cybersecurity. Check out GitHub.
Step.1: New 2024 Bluetooth Vulnerability
To demonstrate, we will use a repository in this blog post. The great developer Opabinia wrote this code. The repository is basically an automated implementation of this vulnerability, which helps you understand the bug.
Step.2: BlueDucky The New HID Attack.
First of all, you have to download some important packages, tools, and drivers on your Kali machine. These drivers help improve the scanning process and the communication of your Bluetooth adapter.
After the packages and drivers are installed, you can clone the BlueDucky repository on your Kali machine.
Step.3: How Android Is Hacked Using Bluetooth
Now you have to enable your Bluetooth service so that it can scan for Bluetooth devices and show you all the Bluetooth devices around you. For this you can copy the command given below.
Step.4: Hi, My Name is Keyboard CVE-2024-0230
Now go into the BlueDucky directory. Here you will see the Python file and payload.txt. Paste the ducky payload script that you want to input on the target device into payload.txt, and then run the tool with the python3 command.
When it runs, it automatically starts scanning over Bluetooth and shows the MAC address and device name of every device found nearby. You can now select the device on which you want to perform the attack and bring it into attacking mode.
When you run this tool, you may be shown some kind of error saying that it is not working. What do you have to do in this situation?
You don't have to worry. Bring your Bluetooth interface down so that the tool can automatically enable the Bluetooth interface and scan for devices.
After powering down the Bluetooth device, you can see the script starting again. It automatically selects the device whose number you gave, and then the HID attack defined in the payload is automatically performed on the target device. This is how the vulnerability works: it can inject all of the HID input into the target Android device.
I hope this blog post has helped you understand how the Bluetooth flaw works and how hackers can hack your device through a Bluetooth vulnerability. I hope you enjoyed it. Thanks :)
Check out the detailed video of this attack: [Video]