CVE-2023-45866: What Happened to Bluetooth? Is Your Bluetooth Safe?

Adarsh Kumar
May 13, 2024

Hey there!

Have you ever thought about how safe your Bluetooth gadgets are? Well, I recently found out about a big issue: something called CVE-2023-45866, which is a fancy name for a serious problem with Bluetooth. But don’t worry, I’ll explain it in a way that’s easy to understand. Imagine if someone could sneak into your Bluetooth device and play around with it! That’s why it’s super important to know about these things and learn how to keep ourselves safe. Let’s dive in and learn together about protecting our digital stuff!

What’s the Deal with Bluetooth?

You know those little gadgets like speakers and headphones that connect wirelessly? That’s Bluetooth! But sometimes, bad guys can find a way to mess with it. In 2023, people found out about a new problem in Bluetooth. It’s like a secret door that lets a sneaky gadget pretend to be a keyboard and do stuff to your device without asking.

The Big Flaw: CVE-2023-45866

This flaw, called CVE-2023-45866, is a big deal because it lets the sneaky gadget trick your device into doing things without your permission. It’s like someone sneaking into your house without you knowing!

This problem affects both Android and iOS devices, especially if you’re using an Apple Magic Keyboard. It’s kind of like a secret way for bad guys to get into your phone or tablet.

What Does It Mean for Us?

For Android users, it means someone could type things on your phone or tablet without you knowing. They could do things like install bad apps, steal your passwords, or control your device.

If you’re using an iPhone or iPad with a Magic Keyboard, the same thing could happen. Someone might be able to mess with your device without you realizing it.

Impact on Android:

Attackers can inject keystrokes into your Android device. This could be used to:

  • Install malicious applications without your permission.
  • Steal sensitive data like passwords or financial information.
  • Execute commands on your device, giving them full control.

The severity of the impact depends on several factors, including:

  • Android version: Older versions are more likely to be vulnerable.
  • Security patches: Devices with the latest security patches are less at risk.
  • User behavior: Downloading apps only from trusted sources and being cautious about online interactions can help mitigate risks.

Impact on iOS (with Apple Magic Keyboard):

While generally less susceptible to Bluetooth vulnerabilities, iOS with a connected Magic Keyboard is affected by CVE-2023-45866.

An attacker could potentially inject keystrokes and steal data or perform malicious actions on your iPhone.

However, it’s important to note that Apple likely addressed this vulnerability in subsequent iOS updates. Keeping your iOS software up-to-date is crucial for maintaining security.

Impact on Smart TVs

The CVE-2023-45866 vulnerability also affects unpatched Android and Linux-based smart TVs that have a Bluetooth interface. This applies to devices running Linux-based webOS or Google Chromecast TV version 3. On an unpatched Chromecast, it is possible to turn on the TV via the Chromecast dongle and inject keystrokes.

Known Affected Versions

  • Android: Versions 4.2, 5, 6, 7, 8, 9, 10 are affected with no fix available. Versions 11, 12, 13, 14 have been fixed in the 2023-12-05 security patch level.
  • Linux (BlueZ): Affected distributions have a BlueZ patch available.
  • macOS: Versions 12, 13 have no fix available, while version 14 has been fixed in macOS 14.2.
  • iOS: Version 16 has no fix available, while version 17 has been fixed in iOS 17.2.
  • Windows: Versions 10, 11, Server 2022 have been fixed in January 2024 Patch Tuesday. Earlier versions of Windows were not tested.

How Can We Stay Safe?

To protect ourselves, we need to make sure our devices have the latest updates. For Android phones, it’s best to have Android 11 or newer. And for iPhones and iPads, keep them updated too.

We should also be careful about what devices we connect to. Just like we’re cautious about who we talk to, we need to be careful about what gadgets we let our devices talk to.
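
To make the version list and the update advice above concrete, here is a small Python check (an added example, not from the original post or any vendor tool). The names `assess` and `parse_version` are made up for illustration, the thresholds come from the Known Affected Versions list, and releases newer than the listed fixed ones are assumed to carry the fix.

```python
# Added example: thresholds are transcribed from the article's
# "Known Affected Versions" list; all names here are hypothetical.
from datetime import date

ANDROID_FIX_LEVEL = date(2023, 12, 5)          # "2023-12-05 security patch level"
ANDROID_FIRST_FIXABLE = (11,)                  # 4.2 through 10: no fix available
FIXED_IN = {"macos": (14, 2), "ios": (17, 2)}  # macOS 14.2, iOS 17.2


def parse_version(text):
    """'17.1.2' -> (17, 1, 2); raises ValueError on non-numeric parts."""
    return tuple(int(part) for part in text.strip().split("."))


def assess(os_name, version, patch_level=None):
    """Return 'fixed', 'needs-update', 'no-fix' or 'unknown' for one device."""
    os_name = os_name.lower()
    try:
        ver = parse_version(version)
    except ValueError:
        return "unknown"
    if os_name == "android":
        if ver < ANDROID_FIRST_FIXABLE:
            return "no-fix"
        try:
            # Android shows the patch level as YYYY-MM-DD in its settings.
            level = date.fromisoformat(patch_level or "")
        except ValueError:
            return "unknown"  # Android 11+ alone is not enough to decide
        return "fixed" if level >= ANDROID_FIX_LEVEL else "needs-update"
    if os_name in FIXED_IN:
        fixed = FIXED_IN[os_name]
        if ver >= fixed:  # assumption: later releases keep the fix
            return "fixed"
        # Same major release as the fix: an update within it reaches the fix.
        return "needs-update" if ver[0] == fixed[0] else "no-fix"
    return "unknown"  # e.g. Windows: fixed by a monthly update, not a version


if __name__ == "__main__":
    # Constructed sample inventory, not real devices.
    inventory = [("android", "10", "2024-01-05"), ("android", "13", "2023-11-05"),
                 ("ios", "17.1.2", None), ("macos", "14.2.1", None)]
    for os_name, version, level in inventory:
        print(os_name, version, level, "->", assess(os_name, version, level))
```
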

More Details on the Problem

You see, this flaw in Bluetooth lets the sneaky gadget act like a keyboard and type things on your device. It’s kind of like someone secretly typing on your phone or tablet when you’re not looking!

In Conclusion

CVE-2023-45866 shows us that even our cool wireless gadgets can have problems. But by understanding these issues and being careful, we can keep our stuff safe from bad guys.

TBC…………

Written by Adarsh Kumar

I'm Adarsh. Cyber-security student, CTF player. Team TheWiz (@thewizx01)