Post by account_disabled on Jan 28, 2024 5:45:42 GMT
A security researcher known as "The Mobile Hacker" has revealed just how vulnerable Android phones are. In their demonstrations , they revealed a potentially devastating zero-click attack that uses newly discovered Bluetooth vulnerabilities to install intrusive payloads via Metasploit , a popular penetration testing framework, on devices that haven't received their latest patches. 'Mobile Hacker' used the Exploit-in-Concept (PoC) scripts published by Mark Newlin earlier this month. These scripts are freely available on GitHub and exploit vulnerabilities tracked as CVE-203-45866, CVE-2024-21306, and CVE-2024-0230 ( info ). They effectively force-pair emulated keyboards via Bluetooth to different OS architectures, thereby enabling keyboard injection.
The really Fax Lists worrisome thing about these scripts is that they run on devices that have Bluetooth enabled and active, meaning they're locked. An attack can occur from another mobile device within Bluetooth range without the need for interaction with the victim or any visible signs of a breach . This vulnerability highlights the importance of keeping our devices updated and vigilant against potential threats in our digital space. These attacks are as stealthy as they sound and can affect vulnerable Android phones. Let's dive deeper to understand this modern threat. Zero-click attacks, for those who don't know, are cyber threats that don't require any interaction from the victim - clicking on suspicious links or downloading fraudulent applications .
A hacker needs proximity to do these nasty things over Bluetooth. The vulnerability in question affects a number of operating systems on different devices, but it is particularly relevant for older versions of Android. Why is this so? Well, consider that most Android vendors stop supporting devices after two years and follow infrequent update cycles (quarterly at best). This means that security updates are sometimes delayed for months, making these devices a target for hackers who exploit Bluetooth vulnerabilities. To give you a clearer picture, all Android devices with version 10 and above are vulnerable to these Bluetooth flaws. They are essentially sitting ducks for zero click attacks unless immediately attached.
The really Fax Lists worrisome thing about these scripts is that they run on devices that have Bluetooth enabled and active, meaning they're locked. An attack can occur from another mobile device within Bluetooth range without the need for interaction with the victim or any visible signs of a breach . This vulnerability highlights the importance of keeping our devices updated and vigilant against potential threats in our digital space. These attacks are as stealthy as they sound and can affect vulnerable Android phones. Let's dive deeper to understand this modern threat. Zero-click attacks, for those who don't know, are cyber threats that don't require any interaction from the victim - clicking on suspicious links or downloading fraudulent applications .
A hacker needs proximity to do these nasty things over Bluetooth. The vulnerability in question affects a number of operating systems on different devices, but it is particularly relevant for older versions of Android. Why is this so? Well, consider that most Android vendors stop supporting devices after two years and follow infrequent update cycles (quarterly at best). This means that security updates are sometimes delayed for months, making these devices a target for hackers who exploit Bluetooth vulnerabilities. To give you a clearer picture, all Android devices with version 10 and above are vulnerable to these Bluetooth flaws. They are essentially sitting ducks for zero click attacks unless immediately attached.