Tobias Scheible1d ago

Selbst die beste IT-Sicherheitsarchitektur nützt wenig, wenn jemand einfach ein manipuliertes Ladekabel einsteckt. Genau dieses Problem war mein Antrieb für „𝗛𝗮𝗰𝗸𝗶𝗻𝗴 𝗛𝗮𝗿𝗱𝘄𝗮𝗿𝗲”, eine Übersetzung meines deutschsprachigen Buches „𝗛𝗮𝗿𝗱𝘄𝗮𝗿𝗲 & 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆”. In der Cybersicherheit konzentrieren wir uns stark auf Netzwerke und Software, aber der physische Angriffsvektor wird oft fatal unterschätzt.

In meinem neuen englischsprachigen 𝗕𝘂𝗰𝗵 zeige ich euch praktisch und detailliert, wie diese Angriffe funktionieren und wie man sich davor schützt. 🧰

Egal, ob ihr im Red Team seid und euer Arsenal erweitern wollt oder im Blue Team arbeitet und diese Vektoren verstehen müsst – dieses englischsprachige Buch liefert euch die Praxis. 🛠️

#RedTeam #BlueTeam #KeystrokeInjection #SDR #InfoSec #CyberSecurity #Hard

Anastasis VasileiadisJun 17, 2024

🔵Jumping on the #BlueDucky trend. Exploit 0-click Bluetooth vulnerability of unpatched Android smartphone using(CVE-2023-45866)

#android #nethunter #kalinethunter #ble #keystrokeinjection #keystrokeinjectionattack #bluetooth

🛡 [email protected]/:~# Dec 11, 2023

"🚨 Major Bluetooth Flaw in BlueZ: Keystroke Injection Risk! 🚨"

A Bluetooth vulnerability, CVE-2023-45866, has been uncovered, posing a significant threat to various devices. Discovered by Marc Newlin, this flaw in BlueZ allows unauthenticated devices to inject HID events, leading to potential keystroke injections and arbitrary command executions on affected devices. Particularly alarming, this vulnerability affects a wide range of operating systems including Android, Linux, macOS, and iOS, even those in Lockdown Mode.

Key details include:

  • BlueZ not properly restricting non-bonded devices from injecting HID events into the input subsystem.
  • Potential for an unauthenticated Peripheral role HID Device to establish an encrypted connection without user interaction, injecting HID messages.
  • CVE-2023-45866 carries a critical severity rating with a CVSS base score of 9.8, indicating a high level of threat.

Marc Newlin's analysis highlights that this attack exploits an unauthenticated pairing mechanism within the Bluetooth specification, allowing fake keyboards to connect to target devices.

Stay vigilant and update your devices! 🛡️📱💻

Tags: #CyberSecurity #BluetoothVulnerability #BlueZ #CVE202345866 #KeystrokeInjection #DeviceSecurity #MarcNewlin #ThreatAlert

Sources:

NVD - CVE-2023-45866

GeekProjects NewsJul 16, 2023
Brute Forcing a Mobile’s PIN Over USB With a $3 Board https://hackaday.com/2023/07/16/brute-forcing-a-mobiles-pin-over-usb-with-a-3-board/ #keystrokeinjection #SecurityHacks #bruteforce #otg #pin #usb
Brute Forcing A Mobile’s PIN Over USB With A $3 Board

Mobile PINs are a lot like passwords in that there are a number of very common ones, and [Mobile Hacker] has a clever proof of concept that uses a tiny microcontroller development board to emulate …

Hackaday
🏴‍☠️ ₱ɎⱤ₳₮Ɇ฿Ɇ₳ⱤĐJun 26, 2020
My MalDuino Elite has arrived, time to wreak havoc (in a controlled and ethical manner). @[email protected] #MalDuino #MalDuinoElite #keystrokeinjection #infosec #cybersecurity #persec #hacker #ethicalhacker
ITSEC NewsOct 23, 2019
Fujitsu Wireless Keyboard Plagued By Unpatched Flaws - Two high-severity vulnerabilities in a Fujitsu wireless keyboard expose passwords and allow keystr... more: https://threatpost.com/fujitsu-wireless-keyboard-unpatched-flaws/149477/ #keystrokeinjection #wirelesskeyboard #vulnerabilities #radiofrequency #wirelessattack #vulnerability #encryption #keylogging #password #fujitsu #hacks #lx390 #iot
Fujitsu Wireless Keyboard Plagued By Unpatched Flaws

Two high-severity vulnerabilities in a Fujitsu wireless keyboard expose passwords and allow keystroke injection attacks.

Threatpost - English - Global - threatpost.com