Tobias ScheibleMar 20

Selbst die beste IT-Sicherheitsarchitektur nรผtzt wenig, wenn jemand einfach ein manipuliertes Ladekabel einsteckt. Genau dieses Problem war mein Antrieb fรผr โ€ž๐—›๐—ฎ๐—ฐ๐—ธ๐—ถ๐—ป๐—ด ๐—›๐—ฎ๐—ฟ๐—ฑ๐˜„๐—ฎ๐—ฟ๐—ฒโ€, eine รœbersetzung meines deutschsprachigen Buches โ€ž๐—›๐—ฎ๐—ฟ๐—ฑ๐˜„๐—ฎ๐—ฟ๐—ฒ & ๐—ฆ๐—ฒ๐—ฐ๐˜‚๐—ฟ๐—ถ๐˜๐˜†โ€. In der Cybersicherheit konzentrieren wir uns stark auf Netzwerke und Software, aber der physische Angriffsvektor wird oft fatal unterschรคtzt.

In meinem neuen englischsprachigen ๐—•๐˜‚๐—ฐ๐—ต zeige ich euch praktisch und detailliert, wie diese Angriffe funktionieren und wie man sich davor schรผtzt. ๐Ÿงฐ

Egal, ob ihr im Red Team seid und euer Arsenal erweitern wollt oder im Blue Team arbeitet und diese Vektoren verstehen mรผsst โ€“ dieses englischsprachige Buch liefert euch die Praxis. ๐Ÿ› ๏ธ

#RedTeam #BlueTeam #KeystrokeInjection #SDR #InfoSec #CyberSecurity #Hard

Anastasis VasileiadisJun 17, 2024

๐Ÿ”ตJumping on the #BlueDucky trend. Exploit 0-click Bluetooth vulnerability of unpatched Android smartphone using(CVE-2023-45866)

#android #nethunter #kalinethunter #ble #keystrokeinjection #keystrokeinjectionattack #bluetooth

๐Ÿ›ก [email protected]/:~# โ€‹Dec 11, 2023

"๐Ÿšจ Major Bluetooth Flaw in BlueZ: Keystroke Injection Risk! ๐Ÿšจ"

A Bluetooth vulnerability, CVE-2023-45866, has been uncovered, posing a significant threat to various devices. Discovered by Marc Newlin, this flaw in BlueZ allows unauthenticated devices to inject HID events, leading to potential keystroke injections and arbitrary command executions on affected devices. Particularly alarming, this vulnerability affects a wide range of operating systems including Android, Linux, macOS, and iOS, even those in Lockdown Mode.

Key details include:

  • BlueZ not properly restricting non-bonded devices from injecting HID events into the input subsystem.
  • Potential for an unauthenticated Peripheral role HID Device to establish an encrypted connection without user interaction, injecting HID messages.
  • CVE-2023-45866 carries a critical severity rating with a CVSS base score of 9.8, indicating a high level of threat.

Marc Newlin's analysis highlights that this attack exploits an unauthenticated pairing mechanism within the Bluetooth specification, allowing fake keyboards to connect to target devices.

Stay vigilant and update your devices! ๐Ÿ›ก๏ธ๐Ÿ“ฑ๐Ÿ’ป

Tags: #CyberSecurity #BluetoothVulnerability #BlueZ #CVE202345866 #KeystrokeInjection #DeviceSecurity #MarcNewlin #ThreatAlert

Sources:

NVD - CVE-2023-45866

GeekProjects NewsJul 16, 2023
Brute Forcing a Mobileโ€™s PIN Over USB With a $3 Board https://hackaday.com/2023/07/16/brute-forcing-a-mobiles-pin-over-usb-with-a-3-board/ #keystrokeinjection #SecurityHacks #bruteforce #otg #pin #usb
Brute Forcing A Mobileโ€™s PIN Over USB With A $3 Board

Mobile PINs are a lot like passwords in that there are a number of very common ones, and [Mobile Hacker] has a clever proof of concept that uses a tiny microcontroller development board to emulate โ€ฆ

Hackaday
๐Ÿดโ€โ˜ ๏ธ โ‚ฑษŽโฑคโ‚ณโ‚ฎษ†เธฟษ†โ‚ณโฑคฤJun 26, 2020
My MalDuino Elite has arrived, time to wreak havoc (in a controlled and ethical manner). @[email protected] #MalDuino #MalDuinoElite #keystrokeinjection #infosec #cybersecurity #persec #hacker #ethicalhacker
ITSEC NewsOct 23, 2019
Fujitsu Wireless Keyboard Plagued By Unpatched Flaws - Two high-severity vulnerabilities in a Fujitsu wireless keyboard expose passwords and allow keystr... more: https://threatpost.com/fujitsu-wireless-keyboard-unpatched-flaws/149477/ #keystrokeinjection #wirelesskeyboard #vulnerabilities #radiofrequency #wirelessattack #vulnerability #encryption #keylogging #password #fujitsu #hacks #lx390 #iot
Fujitsu Wireless Keyboard Plagued By Unpatched Flaws

Two high-severity vulnerabilities in a Fujitsu wireless keyboard expose passwords and allow keystroke injection attacks.

Threatpost - English - Global - threatpost.com