Android Bluetooth Hacking

Big thank you to Brilliant for sponsoring this video! Try Brilliant for free (for 30 days) and to get a 20% discount, visit: https://Brilliant.org/DavidBombal

CVE-2023-45866 allows attackers to remotely control an Android phone (and other devices) without pairing.

Details: Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue. Source: Mitre

See CVE details here:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45866
https://nvd.nist.gov/vuln/detail/CVE-2023-45866

// Script and instructions here //
GitHub: https://github.com/pentestfunctions/BlueDucky

// Occupy The Web Books //
Linux Basics for Hackers:
US: https://amzn.to/3wqukgC
UK: https://amzn.to/43PHFev

Getting Started Becoming a Master Hacker
US: https://amzn.to/4bmGqX2
UK: https://amzn.to/43JG2iA

Network Basics for hackers:
US: https://amzn.to/3yeYVyb
UK: https://amzn.to/4aInbGK

// OTW Discount //
Use the code BOMBAL to get a 20% discount off anything from OTW’s website: https://hackers-arise.net/

// Occupy The Web SOCIAL //
X: https://twitter.com/three_cube
Website: https://hackers-arise.net/

// GitHub CODE //
https://github.com/pybluez/pybluez

// Amazon LINKS //
Rasberry Pi 5:
US: https://amzn.to/3JZKoZD
UK: https://amzn.to/3JTBixC

ASUS USB/BT-500USB
US: https://amzn.to/4abnPfl
UK: https://amzn.to/3QDsOOO

// Playlists REFERENCE //
Linux Basics for Hackers: https://www.youtube.com/watch?v=YJUVNlmIO6E&list=PLhfrWIlLOoKOs-fjCPHdzD2icF2vORfwK&pp=iAQB

Mr Robot: https://www.youtube.com/watch?v=3yiT_WMlosg&list=PLhfrWIlLOoKNYR8uvEXSAzDfKGAPIDB8q&pp=iAQB

Hackers Arise / Occupy the Web Hacks: https://www.youtube.com/watch?v=GxkKszPVD1M&list=PLhfrWIlLOoKOf1Ru_TFAnubVuWc87i-7z&pp=iAQB

// David’s SOCIAL //
Discord: https://discord.com/invite/usKSyzb
X: https://www.twitter.com/davidbombal
Instagram: https://www.instagram.com/davidbombal
LinkedIn: https://www.linkedin.com/in/davidbombal
Facebook: https://www.facebook.com/davidbombal.co
TikTok: http://tiktok.com/@davidbombal
YouTube: https://www.youtube.com/@davidbombal

// MY STUFF //
https://www.amazon.com/shop/davidbombal

// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com

// MENU //
00:00 – Bluetooth hacking quick demo
03:25 – Brilliant sponsored segment
04:17 – The Bluetooth vulnerability explained // OccupyTheWeb
05:46 – How the vulnerability works
08:36 – Bluetooth hacking demo
09:46 – Setting up for the hack // BlueZ
12:32 – BlueZ tools demo
14:00 – Scanning for Bluetooth devices
18:08 – Other tools
23:40 – Running BlueDucky // Hacking Bluetooth demo
26:00 – The possibilities of Bluetooth hacking
28:24 – Older Android versions are at risk // Keeping devices up to date
30:37 – Bluetooth hacking for other operating systems
31:02 – Hacking Bluetooth speakers
34:24 – OTW books & plans for future videos
35:12 – Conclusion

android
iphone
bluetooth
raspberry pi
macos
windows
samsung
pixel
google
apple
microsoft
linux
ubuntu
blue tooth
flipper zero
google pixel
ble

Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!

Disclaimer: This video is for educational purposes only.

#android #iphone #bluetooth

Author: admin