PSA: Bluetooth vulnerability and PS3 Controllers on Linux in 2024 - Lemmy.World
cross-posted from: https://lemmy.world/post/11498269

> # PSA: Bluetooth vulnerability and PS3 Controllers on Linux in 2024
>
> In late 2023 a Bluetooth vulnerability [CVE-2023-45866](https://access.redhat.com/security/cve/cve-2023-45866) was discovered and [patched](https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=25a471a83e02e1effb15d5a488b3f0085eaeb675) in BlueZ. By now, this vulnerability should be fixed on all Linux distributions. The fix has one compatibility implication: support for insecure legacy devices is now disabled by default. The Sony PlayStation 3 Controller (AKA DualShock 3 or DS3) is probably the most notable device affected by this change.
>
> ## What to do if you have a PS3 Controller
>
> The PS3 Controller should still be plug-and-play on Linux when used wired; this change only affects wireless use.
>
> Wireless use is now disabled by default. It should still be possible to use the controller wirelessly with a configuration change, but that will make your PC vulnerable when Bluetooth is in discoverable mode — that’s when you’re pairing a device; in GNOME that’s when you just have the Bluetooth settings open; easy to have on by accident.
>
> It’s painful for me to say this (I own several PS3 Controllers), but the DS3 is reaching its end-of-life, and we should start to consider moving on from it as a gamepad for PC.
>
> ## How to re-enable Bluetooth support for the PS3 Controller
>
> This is insecure: It will make your PC an easy target for remote code execution attacks from anyone in close proximity whenever your Bluetooth is in pairing/discoverable mode. It’s usually hard to notice when Bluetooth is in discoverable mode, and it’s very easy to accidentally leave it on. You have been warned.
>
> TL;DR: The following command should do it, tested on Fedora 39:
>
> ```shell
> # -i and -E are separate flags: written as "-iE", sed treats "E" as a backup suffix
> sudo sed -i -E -e 's/^#ClassicBondedOnly=.*/ClassicBondedOnly=false/' /etc/bluetooth/input.conf && sudo systemctl restart bluetooth
> ```
>
> Long version: Use the configuration file at `/etc/bluetooth/input.conf`, under the `[General]` section, add the option `ClassicBondedOnly=false`, then restart the bluetooth service or reboot the computer. Your config file should look like the following:
>
> ```toml
> # Configuration file for the input service
>
> # This section contains options which are not specific to any
> # particular interface
> [General]
>
> # Set idle timeout (in minutes) before the connection will
> # be disconnect (defaults to 0 for no timeout)
> #IdleTimeout=30
>
> # Enable HID protocol handling in userspace input profile
> # Defaults to false (HIDP handled in HIDP kernel module)
> #UserspaceHID=true
>
> # Limit HID connections to bonded devices
> # The HID Profile does not specify that devices must be bonded, however some
> # platforms may want to make sure that input connections only come from bonded
> # device connections. Several older mice have been known for not supporting
> # pairing/encryption.
> # Defaults to true for security.
> ClassicBondedOnly=false
>
> # LE upgrade security
> # Enables upgrades of security automatically if required.
> # Defaults to true to maximize device compatibility.
> #LEAutoSecurity=true
> ```
>
> I’m posting this PSA on [email protected] [/c/[email protected]] and [email protected] [/c/[email protected]]. Please forward this message to other interested Linux communities.
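
A check for the two conditions the post warns about, the `ClassicBondedOnly=false` override and an adapter left discoverable, as an added example that is not part of the original post. The function names and status keywords are made up here, and it assumes `bluetoothctl show` prints a `Discoverable: yes` or `Discoverable: no` line per controller.

```shell
#!/bin/sh
# Added example (not from the original post): audit a host for the
# ClassicBondedOnly=false workaround and for a discoverable adapter.

# Print the ClassicBondedOnly value requested in [General] of a BlueZ
# input.conf: "true" (the default when the key is unset) or "false".
classic_bonded_only() {
    conf="${1:-/etc/bluetooth/input.conf}"
    [ -r "$conf" ] || { echo true; return 0; }   # no file: default applies
    awk '
        BEGIN { value = "true" }
        { sub(/\r$/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
        /^#/ || /^$/ { next }                     # commented-out keys do not count
        /^\[.*\]$/ { section = substr($0, 2, length($0) - 2); next }
        section == "General" && (eq = index($0, "=")) {
            key = substr($0, 1, eq - 1); val = tolower(substr($0, eq + 1))
            gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
            # Conservative choice: false/0 in any letter case is flagged.
            if (key == "ClassicBondedOnly")
                value = (val == "false" || val == "0") ? "false" : "true"
        }
        END { print value }
    ' "$conf"
}

# Read `bluetoothctl show` output on stdin; print "yes" if any controller
# reports "Discoverable: yes", otherwise "no".
adapter_discoverable() {
    awk '$1 == "Discoverable:" && $2 == "yes" { d = 1 }
         END { print (d ? "yes" : "no") }'
}

# $1 = input.conf path, stdin = `bluetoothctl show` output.
exposure_status() {
    disc=$(adapter_discoverable)
    if [ "$(classic_bonded_only "$1")" = true ]; then
        echo default     # HID connections limited to bonded devices
    elif [ "$disc" = yes ]; then
        echo exposed     # workaround active while the adapter is discoverable
    else
        echo weakened    # workaround active, adapter not discoverable right now
    fi
}

# Live check, only when asked for: sh <this file> --live
if [ "${1:-}" = "--live" ]; then
    bluetoothctl show | exposure_status /etc/bluetooth/input.conf
fi
```

A result of `weakened` only describes the moment of the check: the adapter becomes discoverable again whenever pairing starts or the Bluetooth settings panel is opened.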