There is an exactly 0% chance that state actors have not been using that Bluetooth vulnerability for years

Ah yes, now counterstrike is safe for work once more

This has always been the case, hasn't it? I thought Bluetooth was always vulnerable.

Opsec 101: only turn on bluetooth if you actually need it

Great video! However I think you should have mentioned that on Android, the released security patch 2023-12-5 mitigates this issue, which is mentioned in the github post you link. Of course, I know this is not the panacea, because of Android fragmentation etc, but the video made it seem like no security patch was out. I would also have added that, as with a rubber ducky, the device has to be unlocked in order to do damage.

always look forward to this dudes' content. well written with witty humor sprinkled in between , always a joy to watch :D . Seytonic thanks for putting this stuff out there for us to enjoy n stay safe out there!

We should really appreciate how seytonic never fails to fill us with steamy and hot news from the back

Well, that a hell alot of news. The bluetooth exploit is scary, the CS2 is hilarious and the Russian hacking situation is interesting. As a Russian myself, this is very interesting.

Imagine kicking a player, and two days later someone kicks down your front door-

This only works when the device is unlocked. So asuming ur phone is unlocked when you use it. You could see it happening. Update your phone.

Wait, Windows ist Not affected?

There was a bug I found like this in csgo back in 2019/2020~ish, if u edited the lobby message packets u could insert a custom formatted xml used for events text (eg when u are in a lobby and it goes "(TEAM A) vs (TEAM B) live" or something), lots of trolling ensued and we thought it was harmless, we would just visually edit peoples ranks and make a message come up saying u were overwatch banned, after having our fun we told a bunch of peeps, but then afterwards we realized if u attached a script tag u could run javascript in their game ui, then you could use a handy api (since disabled) made by valve to run any program on their computer with any parameters you could ever want, wouldn't have shared it if i realised it let u run js (and probs could have got major bug bounty money D:), sooooo like we are reallllllllly lucky nobody realized and made a botnet out of a bunch of people playing counterstrike from us just doing a lil trolling before valve patched it. Valve patched it after a few streamers got targeted by some trolling.

I’m sure there have been half a dozen other Bluetooth exploits…

Fairly sure that bluetooth bug was shown years ago. Yup, just looked it up, first I saw it discussed was 2016 in MIT technology review on 23 rd of February 2016. If it is that, then this is not new in the slightest. From what you described, its not any different. Edit, if I remember correctly, I also remember this being discussed with regard to payment terminals. That use bluetooth to speak to a phone.

I found an exploit months ago that allows you to use an iPhone to pair with the Bluetooth adapter on any type of operating system including Linux without the victim being prompted to allow the hackers device to pair. then you can clone the victims device and add a service. the service can be configured to upload data to a remote server so you no longer need to be within range of the victim. I should've reported this months ago but haven't got around to it lol

Thanks to wireless earbuds, I absolutely will not disable bluetooth.

Nice, already have an update for my macbook and iphone, no matter how much one could hate on apple you have to admit once a CVE gets general public attention they are usually pretty quick to respond.

Another reason to go paper and pencil!😂

Killmilk retiring could just be him resigning from killnet in a way that is less embarrassing

Windows also has this issue, also the CS issue was used in New World, you could essentially paste any image in global chat.

damn old bug strikes back after ages

Same sanitizing bugs has been found on cs:go, dota 2, dota underlords multiple times😂

That's a feature I've been using for remote desktop and always thought it was WAY to easy to use maliciously if I wanted

What's the background music you use in these videos? I can listen to it all day.

I hate Bluetooth with a burning passion. It dominates everything. It's a bulky and broken protocol. And it really needs a fully open source equivalent.

Erm, you do know that in Linux and Linux-phones I always got a request to ensure the confirmation code match up. So, I'd get the pop-up to confirm a connection, else it just rejects any attempts. Thing is, I'd love to implement this so I could use my laptop as the keyboard and mouse for the workstation and laptop (i.e. use the numl-ock key to enter/exit Bluetooth keyboard mode on the host).

Ive been doing this with my flipper, bluetooth has always been vulnerable, thats why i keep mine off

I wouldn't be surprised if Killmilk and Deanon Club are the same person.

with ble advertising (which i searched 3 yrs ago and saw anyone can sniff and emulate) i knew if u could find a device that gives input u would be able to takeover device if u annoyed them enough they clicked connect

We are reaching Watch Dogs level of skidding, imagine walking through a mall with the bluetooth mod and creating a EMP field

And this is why headphone jacks are important

Being discoverble is a opt-in feature that means nearly all Linux users are unaffacted. But its scarry because my PC has class 1 bluetooth...

This bluetooth vulnerability has been public for years now, or at least one that's very similar

Even worse, iOS *automatically* turns on bluetooth after an update is applied. This "feature" cannot be disabled. Security on iOS has always been a joke to fool muggles.

Gata love how every phone nolonger has a 3.5jack and your stuck with either an adapter (ive had 7 break) or Bluetooth

Haven't had bluetooth enabled for years because i was warned about stuff like this years ago

You can't unlock an android phone using only a paired keyboard. So I don't really see the problem since it will only be working while it's unlocked and thus when you are actively using the phone.

Oh nice. I only have Bluetooth on when I use it. But man, that’s unfortunate:

I noticed you skipped windows.. does that mean windows isn't vulnerable to this?

That is why turning off Bluetooth when a device is not in use is necessary.

So, what are saying here doc for mitigation turn bluetooth and ble off and tyce c to audiojack headphones or, is there something else that can help? Because well, wireless headphones are convenient... At the end of the day there are so many attack vectors out there if someone wants in they'll find a way irrelevant of our personal thoughts on how immoral that may be.

“Your phone can be hacked via bluetooth!” “Shit, okay, can you prove it?” “No 🙃”

Reminds me of BlueSmurfing.

On January 17, 2017 I was extorted by a Repubican city councilman of Centennial Colorado. One of over 130 threats made was to hack my computer via Bluetooth via a bluetooth enabling wired mouse. In December of 2019 this attack was carried out. On December 20, 2019 they entered the premises after my wife and daughter left for the airport, retrieved their device and carried out another threat to break my glasses. This was followed a few days later by replacing one of the rubber nibs in the eyeglass repair kit with a similar one but discolored as if by tobacco smoke, this was threatened to contain asbestos so that a felony charge of illegal disposal of hazardous substance could be fabricated , and/or establishing the condition of asbestos on the property in order to carry out a broader more far reaching insurance fraud scheme.

Combine this with the recent webp attack and that's a good play.

now i regret connecting my phone to my mac’s keyboard

Bluetooth wastes about 1w an hour. Turn that shit off when you're not using it and watch your battery life last 25% longer.

if u have an android with bluetooth enabled ur volunerable, if u have an iphone with bluetooth on then ur volunerable.. lol i love how u dumbed it down for the apple users

I thought everyone knew about this one it's been around for a long time

did plextrac ask you to move the ad segment to the middle, or was it your idea?

good thing I never managed to make Bluetooth work on my linux machine lol

Leon & Steve upstairs listens to my singing

Sounds very unlikely to be used successfully in mass, must be very targeted

YAY new seytonic video always the goat.... i been watchingevery video yo

i love this channel every week its better to watch this than read bunch of booring articles

Luckily im paranoid and tin foil hatted about being tracked through bluetooth so i always have it off

I can't really find it, but do emui (Huawei in particular) also get the Bluetooth Patch? I'm specifically asking for a P30 Pro because the last available Update was in february and their Website doesn't list it under any Update intervalls

@seytonic How about Bluetooth Gatt Service on Android that keeps on running in the background even though all Bluetooth settings are off?

Jay, thats one more security patch I'm not getting because my device is too old

David Bombal hosted OTW and they showed this exact hack using an example from Mr Robot

Will it affect Windows PCs? ???????

well done everything have vulnerable or does windows?

I hope the Bluetooth exploit isn't evident from the patches.

CIA,FBI, CCP : "And I would have gotten away with it too, if it weren't for you meddling Seytonic kids!"

You can even do that with a rooted android phone with custom kernal and kali nethunter

huh, sounds similar to that one scene in mr.robot

Already disabled bluetooth ages ago.

And this is why Apple should include a bluetooth toggle in the command center in iOS, or at least an option to have it instead of the fake toggle button they have now.

This is Very old news I remember learning about this 10+ years ago and the news was dated at that time.

I heard of that bluetooth thing years ago. I need my headphones bluetooth, or I'll forget I have a cord and my phone will fall on the floor. And I have autism, so I can't just not wear headphones. If I don't have them on when a lot of noises are happening, I'll start panicking

I only turn on Bluetooth if I need to use it because it runs out the phone power faster with it on

I would be very interested to know how to permanently disable BT on an Android, rather than just turning it off

Reminds me of that mr robot episode when he did the “impossible” Bluetooth hack

it would be a shame if the bluetooth exploit was used to serve a virtual bad usb device as a nas with some hacked-in open wrt features it was bad enough that we had to watch out for bt and wifi spoofs but imagine it used with bad usb to organize mesh botnets thruoughout

2012.... TWENTY TWELVE?!?!?!?!??!

Do you mean just turn off or turn completely off?

*3:14** valve is even worse than than I thought. HTML injection IN a bloody GAME?* What's next SQL injection?

Ah…the Old Bluetooth hack. Still making its rounds

I went on my Bluetooth list on my iPhone and I noticed two “devices” I didn’t recognize and the names were MAC addresses and I looked up the MAC address only to find out one is from china and the other from Korea. I don’t know if someone breached my iPhone? Or if I maybe connected to two speakers that I didn’t remember or whatever. Any opinions? I’m sure y’all could have more knowledge than me.

Maybe I will think about disabling Bluetooth on my Fedora 39 laptop and my PinePhone

Well hey, when one virus delete my bluetooth and all of the service files, I won't get infected by this- (this happened)

We used to hack and prank others in the late 2000s/early 2010s by using hacking software that after you accept the Bluetooth, your phone is under control.

You can turn off the Bluetooth keyboard setting on iOS

Don’t you just need to confirm to connect the device anyways? I literally don’t know why everyone is so worried

Yesterday i to use a work phone to clock in my job. Was in the parking lot trying to clock in and my screen was jumping around and it navigated to internet settings and was trying to type in an internet log in and pass. I think they gave up after a bit. There is nothing of value on that phone cause its a work phone but I'm wondering for you more tech savy users out there what were they trying to achieve by connecting to another internet?

At this point no one is safe honestly. No one

Well some sony erricson phone from 2008 can do this aswell. But they only act as mouse

Does it matter if you make your device undiscoverable?

Does this hack work if data is off?

I am going to make a PoC of the bluetooth i now have something besides bug bounties to do

Smart TV and Google Chromecast do not allow you to turn off Bluetooth 😢

knew it, i allways keep blue tooth of utill i need it and i hate how apple removed the headphone jack

Badusb via Bluetooth is already a thing with the flipper.

today my bluetooth says i have two devices every time i connect only my airpods for some reason and then i see this. i have a 15 pro max ios

damn ok i NEED my bluetooth always on for my cgm (constant glucose monitor) to work

I can understand how dangerous it would be if someone gained remote access to a laptop via bluetooth, but I can't understand understand how an android or iphone could be in danger if connected remotely via bluetooth unless you literally enable a setting that let's bluetooth connections access to your phone's management. I'm no expert and maybe there are ways of getting around of main android and ios bluethooth securities but I'd assume it would be no easy task. Tl;Dr don't leave your bluetooth open in public places, get wired headphones. and for ios users: have fun with your stupid phone that doesn't even have a physical headphone port.

3:57 DDOS is not the worst that can happen thats for sure bro 😂, of ftp or ssh ports are open shit bout to go down hill. Or even seeing them physically and right their doorbell 😂

I’m paranoid about my data anyways combined with what I know is capable… Every time I leave my house I make sure Bluetooth and Wi-Fi is shut off especially location! If only people was remotely aware of the amount of data was collect , how would you, fingerprinting, y’all would be the same way! It’s not hard to take anonymous data and compare it with data that is known Then, linking the device ID!

On linux the hackers cant do much without your sudo password

This is FUN