Big thank you to Brilliant for sponsoring this video! Try Brilliant for free (for 30 days) and to get a 20% discount, visit: https://Brilliant.org/DavidBombal

CVE202345866 allows attackers to remotely control an Android phone (and other devices) without pairing.

Details: Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.640ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE20200556 mitigation would have already addressed this Bluetooth HID Hosts issue. Source: Mitre

See CVE details here:
https://cve.mitre.org/cgibin/cvename...
https://nvd.nist.gov/vuln/detail/CVE...

How to stop / mitigate this attack:
1) Upgrade your phone / install security patches on Android for versions 11 and later. Unfortunately earlier versions cannot be patched (Android 10 and earlier)
2) Note: For the script to discover the MAC address of the phone, the phone needs to be in pairing mode.
3) Turn off Bluetooth if not being used

// Script and instructions here //
GitHub: https://github.com/pentestfunctions/B...

// Occupy The Web Books //
Linux Basics for Hackers:
US: https://amzn.to/3wqukgC
UK: https://amzn.to/43PHFev

Getting Started Becoming a Master Hacker
US: https://amzn.to/4bmGqX2
UK: https://amzn.to/43JG2iA

Network Basics for hackers:
US: https://amzn.to/3yeYVyb
UK: https://amzn.to/4aInbGK

// OTW Discount //
Use the code BOMBAL to get a 20% discount off anything from OTW's website: https://hackersarise.net/'>https://hackersarise.net/

// Occupy The Web SOCIAL //
X:   / three_cube  
Website: https://hackersarise.net/'>https://hackersarise.net/

// GitHub CODE //
https://github.com/pybluez/pybluez

// Amazon LINKS //
Rasberry Pi 5:
US: https://amzn.to/3JZKoZD
UK: https://amzn.to/3JTBixC

ASUS USB/BT500USB
US: https://amzn.to/4abnPfl
UK: https://amzn.to/3QDsOOO

// Playlists REFERENCE //
Linux Basics for Hackers:    • Linux for Hackers Tutorial (And Free ...  

Mr Robot:    • Hack like Mr Robot // WiFi, Bluetooth...  

Hackers Arise / Occupy the Web Hacks:    • Hacking Tools (with demos) that you n...  

// David's SOCIAL //
Discord:   / discord  
X:   / davidbombal  
Instagram:   / davidbombal  
LinkedIn:   / davidbombal  
Facebook:   / davidbombal.co  
TikTok:   / davidbombal  
YouTube:    / @davidbombal  

// MY STUFF //
https://www.amazon.com/shop/davidbombal

// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: [email protected]

// MENU //
Hacking Wordpress Websites with Python in seconds (using the Dark Web and Telegram data)
00:00 Bluetooth hacking quick demo
03:05 Brilliant sponsored segment
03:57 The Bluetooth vulnerability explained // OccupyTheWeb
05:26 How the vulnerability works
08:16 Bluetooth hacking demo
09:26 Setting up for the hack // BlueZ
12:12 BlueZ tools demo
13:50 Scanning for Bluetooth devices
17:58 Other tools
23:20 Running BlueDucky // Hacking Bluetooth demo
25:50 The possibilities of Bluetooth hacking
28:04 Older Android versions are at risk // Keeping devices up to date
30:17 Bluetooth hacking for other operating systems
30:52 Hacking Bluetooth speakers
34:04 OTW books & plans for future videos
34:52 Conclusion

android
iphone
bluetooth
raspberry pi
macos
windows
samsung
pixel
google
apple
microsoft
linux
ubuntu
blue tooth
flipper zero
google pixel
ble

Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!

Disclaimer: This video is for educational purposes only.

#android #iphone #bluetooth