A Magic Keyboard Bug That Allowed Bluetooth Traffic Monitoring Was Fixed By Apple
A recently discovered Bluetooth keyboard injection issue, identified as CVE-2024-0230, was fixed by Apple with the release of Magic Keyboard Firmware Update 2.0.6.
An attacker with physical access to the accessory could use this flaw, which is a session management issue, to extract the Bluetooth pairing key and eavesdrop on Bluetooth conversations.
“An attacker with physical access to the accessory may be able to extract its Bluetooth pairing key and monitor Bluetooth traffic.” reads the advisory published by the company.
Marc Newlin from SkySafe found the vulnerability
When an attacker is near a victim, they can use unauthenticated Bluetooth to connect to the vulnerable device and manipulate keystrokes. This allows the attacker to perform various actions such as installing apps, sending messages, and executing arbitrary commands.
In order for the vulnerabilities to function, the Bluetooth host state machine must be tricked into pairing with a phony keyboard without user confirmation. The underlying unauthenticated pairing mechanism is defined in the Bluetooth specification, and implementation-specific bugs expose it to the attacker.” explained Newlin. The following circumstances make unpatched devices vulnerable:
- Android devices that have Bluetooth enabled are susceptible.
- Linux/BlueZ requires Bluetooth to be able to find and connect.
- When a Magic Keyboard is paired with a phone or computer and Bluetooth is turned on, iOS and macOS are susceptible to vulnerabilities.
The Magic Keyboard, Magic Keyboard (2021), Magic Keyboard with Numeric Keypad, Magic Keyboard with Touch ID, and Magic Keyboard with Touch ID and Numeric Keypad are among the models for which the Magic Keyboard Firmware Update 2.0.6 is available.
The researcher noted that attacks that take advantage of this vulnerability are still able to exploit the Lockdown Mode.
It’s unknown if attacks in the wild have taken advantage of the vulnerability.
Apple releases a very uncommon but significant update
New and updated designs are only released approximately once a year, usually in September for its yearly release party. Apple most recently unveiled its iPhone 15 lineup at its Wanderlust event in 2023.
A redesigned camera, new charging port, and enhanced durability were just a few of the much-awaited new features of the most recent iPhone. The most expensive model, the iPhone 15 Pro Max, costs an astounding $1,199, and that’s before you add on the cost of the matching elegant case.
This is also the reason Apple can continue to refer to some of its products as “Magic.” They effortlessly live up to their name, delighting users and simplifying tasks.
One such gadget is the Apple Magic Keyboard, which instantly projects a workspace anywhere via wireless connections to a variety of Apple products.
Very rarely has this product been updated because, well, it really doesn’t need to be. It just functions, and it has for many years.
However, Apple published a rare update on January 9th, dubbed Firmware Update 2.0.6.
The following models may have a potential Bluetooth security flaw, or vulnerability, fixed by the fix:
- Enchanted Keyboard
- The Magic Keyboard (2021)
- Numeric Keypad and Magic Keyboard
- Touch ID-compatible Magic Keyboard
- Magic Keyboard with Numeric Keypad and Touch ID
“An attacker with physical access to the accessory may be able to extract its Bluetooth pairing key and monitor Bluetooth traffic,” Apple writes on a page describing the fix.
The good news is that users don’t need to update their devices anymore because Apple has released the fix. As long as the keyboard is paired via Bluetooth with its home device, they will automatically take action in the background.
To find out the firmware version your Magic Keyboard is using, however, open the device that you have paired it with and choose System Settings > Bluetooth. Select the My Devices section, locate your keyboard, and then select the Info icon. It ought to inform you of the version it’s operating on and whether a fresh update is available for download.
from Virtualattacks https://ift.tt/9AVxiBR
Comments