If you have an Apple device and tend to have your Bluetooth on in public, there’s a chance someone could use it to exploit your device. Despite lying dormant for years, a Bluetooth security flaw has just been spotted and, according to the Android Security Bulletin, it is a ‘critical security vulnerability.’
As originally spotted by Marc Newlin from SkySafe, any user who connects a Magic Keyboard to their MacBook can be vulnerable. A person running Linux can register their device to it and inject keystrokes, mimicking keystrokes typed by the legitimate user. This can be used to steal information, run commands on the device, and more. These vulnerabilities were disclosed to Apple on August 1st this year, followed by a public disclosure on December 6th.
A Bluetooth problem – iMore’s take
This is not the first time a major security fault involving Bluetooth has been spotted. Back in September, a tech enthusiast discovered you could falsely ping iPhones with an AirPods notification with nothing but a Flipper Zero hacking tool. It did have to be very close to the device it was pinging, but it was theorized the distance could be much greater with the right tech. Turning off Bluetooth through Control Center wouldn’t fix this, and users had to turn it off in Settings. It is important to note that any device with Bluetooth capabilities could do the same, so this security fault is in Apple’s hands to fix.
Bluetooth is a great bit of tech, but how easy it is to connect has led to some severe problems like the two examples above, and this vulnerability is just one of many. Despite being informed of this four months ago, Apple has not commented or changed anything publicly yet. A security patch for devices running Android 11 and onward has been issued, and future devices will contain the fix automatically, but devices running versions before Android 11 will be left vulnerable. Hopefully, Apple will fix this problem, too.
iMore has reached out to Apple for comment.