BlueDucky: A New Tool Exploits Bluetooth Vulnerability With 0-Click Code Execution
A brand original tool dunned BlueDucky, automating the exploitation of a predominant Bluetooth pairing vulnerability that enables for 0-click on code execution on unpatched gadgets.
This revelation comes on the heels of Marc Newlin’s January 2024 e-newsletter of a proof of belief script, which targets a Bluetooth vulnerability identified as CVE-2023-45866.
The vulnerability, as detailed by Newlin, enables attackers to inject keystrokes into any Android and Linux tool within Bluetooth differ without the want for pairing, by masquerading as a Bluetooth keyboard.
The exploit tool, dubbed “hi_my_name_is_keyboard,” became within the muse designed to indicate the feasibility of such an attack.
The cell hacker crew efficiently compromised a unfold of gadgets, including Android smartphones, Google Chromecast TVs, Meta Quest 3, and Linux-based completely shipshape TVs.
Nonetheless, the contemporary script required customers to manually contain and enter the MAC handle of the target Bluetooth tool and alter the code to change the injected keys.
BlueDucky Automating the Course of
BlueDucky, developed by Opabinia and made on hand on GitHub, addresses these boundaries by automating the total course of.
Salvage Free CISO’s Knowledge to Warding off the Next Breach
Are you from The Physique of workers of SOC, Network Security, or Security Supervisor or CSO? Salvage Perimeter’s Knowledge to how cloud-based completely, converged community safety improves safety and reduces TCO.
- Perceive the importance of a zero have faith contrivance
- Full Network safety Checklist
- Gape why relying on a legacy VPN is no longer any longer a viable safety contrivance
- Salvage solutions on demonstrate the transfer to a cloud-based completely community safety solution
- Detect the advantages of converged community safety over legacy approaches
- Thought the tools and applied sciences that maximize community safety
Adapt to the altering risk landscape easily with Perimeter 81’s cloud-based completely, unified community safety platform.
The tool, which is in a put aside to be race on a Raspberry Pi 4 with Kali Linux or a rooted Android tool working Kali NetHunter, scans for nearby Bluetooth gadgets, permitting the user to determine on a target from a listing.
It then executes a Rubber Ducky script saved in a payload.txt file, removing the want for manual script changes.
Surely one of the vital standout aspects of BlueDucky is its doable for appropriate automation. By editing the script, it shall be configured to repeatedly contain gadgets and are trying exploitation, logging the results of every are trying.
Essentially based on the developer’s skills, if a tool is susceptible, the script completes efficiently, highlighting the predominant significance of patching the CVE-2023-45866 vulnerability to present protection to in opposition to such assaults.
BlueDucky represents a serious advancement within the exploitation of Bluetooth vulnerabilities by automating the contrivance, making it more accessible to attackers, and per chance increasing the chance to unpatched gadgets.
Its sort underscores the importance of patching known vulnerabilities take care of CVE-2023-45866 to present protection to in opposition to such automatic assaults.
Keep updated on Cybersecurity news, Whitepapers, and Infographics. Note us on LinkedIn & Twitter.
Source credit : cybersecuritynews.com
