{"id":5799,"date":"2023-12-10T18:58:19","date_gmt":"2023-12-10T17:58:19","guid":{"rendered":"https:\/\/sajberinfo.com\/?p=5799"},"modified":"2023-12-10T18:58:19","modified_gmt":"2023-12-10T17:58:19","slug":"android-apple-i-linux-ranjivi-na-bluetooth-napad","status":"publish","type":"post","link":"http:\/\/sajberinfo.com\/en\/2023\/12\/10\/android-apple-i-linux-ranjivi-na-bluetooth-napad\/","title":{"rendered":"Android, Apple and Linux vulnerable to Bluetooth attack"},"content":{"rendered":"<p><span style=\"font-size: 14pt;\">Devices running the <em>Android, Apple<\/em> and <em>Linux<\/em> operating systems are vulnerable to a <em>Bluetooth<\/em> attack. This is a years-old authentication bypass vulnerability over a <em>Bluetooth<\/em> connection that allows <a href=\"https:\/\/sajberinfo.com\/en\/2022\/03\/19\/hakeri-crni-sesiri-epizoda-3\/\" target=\"_blank\" rel=\"nofollow noopener\">malicious actors<\/a> to connect to <em>Android<\/em>, <em>Apple<\/em> and <em>Linux<\/em> devices in order to run arbitrary commands via a keyboard.<\/span><\/p>\n<div id=\"attachment_5803\" style=\"width: 1034px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-5803\" class=\"size-full wp-image-5803\" src=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/12\/Bluetooth-napad.jpg\" alt=\"Bluetooth attack\" width=\"1024\" height=\"1024\" srcset=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/12\/Bluetooth-napad.jpg 1024w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/12\/Bluetooth-napad-300x300.jpg 300w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/12\/Bluetooth-napad-150x150.jpg 150w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/12\/Bluetooth-napad-768x768.jpg 768w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/12\/Bluetooth-napad-12x12.jpg 12w, 
https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/12\/Bluetooth-napad-80x80.jpg 80w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/12\/Bluetooth-napad-320x320.jpg 320w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><p id=\"caption-attachment-5803\" class=\"wp-caption-text\"><em>Android, Apple and Linux vulnerable to Bluetooth attack; Source: Bing Image Creator<\/em><\/p><\/div>\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_82_2 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #ffffff;color:#ffffff\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewbox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #ffffff;color:#ffffff\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewbox=\"0 0 24 24\" version=\"1.2\" baseprofile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" 
href=\"http:\/\/sajberinfo.com\/en\/2023\/12\/10\/android-apple-i-linux-ranjivi-na-bluetooth-napad\/#ANDROID_APPLE_I_LINUX_RANJIVOST\" >ANDROID, APPLE AND LINUX VULNERABILITY<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"http:\/\/sajberinfo.com\/en\/2023\/12\/10\/android-apple-i-linux-ranjivi-na-bluetooth-napad\/#BLUETOOTH_NAPAD_FUNKCIONISANJE\" >HOW THE BLUETOOTH ATTACK WORKS<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"http:\/\/sajberinfo.com\/en\/2023\/12\/10\/android-apple-i-linux-ranjivi-na-bluetooth-napad\/#AZURIRANJA\" >UPDATES<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"http:\/\/sajberinfo.com\/en\/2023\/12\/10\/android-apple-i-linux-ranjivi-na-bluetooth-napad\/#ZAKLJUCAK\" >CONCLUSION<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"http:\/\/sajberinfo.com\/en\/2023\/12\/10\/android-apple-i-linux-ranjivi-na-bluetooth-napad\/#ZASTITA\" >PROTECTION<\/a><\/li><\/ul><\/nav><\/div>\n\n<h2><span class=\"ez-toc-section\" id=\"ANDROID_APPLE_I_LINUX_RANJIVOST\"><\/span><strong><span style=\"font-size: 14pt;\"><em>ANDROID<\/em>, <em>APPLE<\/em> AND <em>LINUX<\/em> VULNERABILITY<\/span><\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-size: 14pt;\"><a href=\"https:\/\/github.com\/skysafe\/reblog\/tree\/main\/cve-2023-45866\" target=\"_blank\" rel=\"noopener\">The vulnerability was discovered by security researcher <em>Marc<\/em> <em>Newlin<\/em><\/a>, a software engineer at the drone technology company <em>SkySafe<\/em>. 
The vulnerability is tracked as <a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2023-45866\" target=\"_blank\" rel=\"noopener\"><em>CVE-2023-45866<\/em><\/a> and is described as an authentication bypass over a <em>Bluetooth<\/em> connection on <em>Android<\/em>, <em>Linux<\/em>, <em>macOS<\/em> and <em>iOS<\/em> devices.<\/span><\/p>\n<p>&nbsp;<\/p>\n<blockquote><p><span style=\"font-size: 14pt;\"><em>\u201cMultiple Bluetooth stacks have authentication bypass vulnerabilities that allow an attacker to connect to a discoverable host without user confirmation and inject keystrokes.\u201d<\/em><\/span><\/p>\n<p style=\"text-align: right;\"><span style=\"font-size: 14pt;\"><em>\u00a0<\/em><\/span><span style=\"font-size: 14pt;\"><em>&#8211; <\/em><a href=\"https:\/\/twitter.com\/marcnewlin\/status\/1732429155105681775\" target=\"_blank\" rel=\"noopener\"><em>Marc Newlin<\/em><\/a><em> &#8211;<\/em><\/span><\/p>\n<\/blockquote>\n<p>&nbsp;<\/p>\n<p><span style=\"font-size: 14pt;\">It is important to note that this attack requires no special hardware and can be carried out from a <em>Linux<\/em> computer using an ordinary <em>Bluetooth<\/em> adapter. The vulnerability affects a wide range of devices running the <em>Android<\/em> (going back to version <em>4.2.2<\/em>, which was released in November 2012), <em>Linux<\/em>, <em>macOS<\/em> and <em>iOS<\/em> operating systems.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">Note that this vulnerability affects the <em>macOS<\/em> and <em>iOS<\/em> operating systems when <em>Bluetooth<\/em> is enabled and a <em>Magic Keyboard<\/em> has been paired with the vulnerable device. 
The attack also works in <em>Apple Lockdown Mode<\/em>, which is intended to protect against advanced digital threats.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h2><span class=\"ez-toc-section\" id=\"BLUETOOTH_NAPAD_FUNKCIONISANJE\"><\/span><span style=\"font-size: 14pt;\"><strong>HOW THE <em>BLUETOOTH<\/em> ATTACK WORKS<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-size: 14pt;\">The attack tricks the target device into thinking it is connected to a <em>Bluetooth<\/em> keyboard by taking advantage of an \u201c<em>unauthenticated pairing mechanism<\/em>\u201d defined in the <em>Bluetooth<\/em> specification. Successful exploitation of this flaw could allow a malicious actor in close physical proximity to connect to a vulnerable device and transmit keystrokes to install applications and run arbitrary commands.<\/span><\/p>\n<p>&nbsp;<\/p>\n<blockquote><p><span style=\"font-size: 14pt;\"><em>\u201cExploiting this vulnerability allows malicious hackers to remotely control someone's device. They can download applications, send messages or run various commands depending on the operating system.\u201d<\/em><\/span><\/p>\n<p style=\"text-align: right;\"><span style=\"font-size: 14pt;\"><em>\u00a0<\/em><\/span><span style=\"font-size: 14pt;\"><em>&#8211; <\/em><a href=\"https:\/\/www.scmagazine.com\/news\/critical-bluetooth-flaw-could-take-over-android-apple-linux-devices\" target=\"_blank\" rel=\"noopener\"><em>Emily Phelps, Cyware Director<\/em><\/a><em> &#8211;<\/em><\/span><\/p>\n<\/blockquote>\n<p>&nbsp;<\/p>\n<p><span style=\"font-size: 14pt;\">When devices communicate with each other, a \u201c<em>handshake<\/em>\u201d takes place first, in which the two systems agree to communicate with one another. 
What this attack exploits is that many devices want to make that handshake as easy as possible, especially since a keyboard cannot be used until the handshake is complete. So in this attack the handshake is minimal and comes down to the following: \u201c<em>I see you are a keyboard, so let me allow you to talk to me<\/em>\u201d.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h2><span class=\"ez-toc-section\" id=\"AZURIRANJA\"><\/span><span style=\"font-size: 14pt;\"><strong>UPDATES<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-size: 14pt;\"><em>Google<\/em> says that security fixes addressing <em>CVE-2023-45866<\/em> in <em>Android<\/em> versions <em>11<\/em> through <em>14<\/em> are available to the affected <em>OEM<\/em> manufacturers. All currently supported <em>Pixel<\/em> devices will receive this fix through the December <em>OTA<\/em> updates. More details are available <a href=\"https:\/\/source.android.com\/docs\/security\/bulletin\/2023-12-01\" target=\"_blank\" rel=\"noopener\">here<\/a>.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">On <em>Linux<\/em>, this vulnerability was fixed in 2020; however, <em>ChromeOS<\/em> is the only <em>Linux<\/em>-based operating system that has enabled the fix. Other Linux distributions, including <em>Ubuntu<\/em>, <em>Debian<\/em>, <em>Fedora<\/em>, <em>Gentoo<\/em>, <em>Arch<\/em> and <em>Alpine<\/em>, have left this fix disabled by default. 
According to the latest available information, <em>Ubuntu <\/em>versions <em>18.04, 20.04, 22.04<\/em> and <em>23.10<\/em> are still vulnerable.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\"><em>Apple<\/em> was informed of this vulnerability in August; however, the company has not confirmed the report, nor has it set a timeline for releasing a fix for this vulnerability.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h2><span class=\"ez-toc-section\" id=\"ZAKLJUCAK\"><\/span><span style=\"font-size: 14pt;\"><strong>CONCLUSION<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-size: 14pt;\"><em>Bluetooth<\/em> technology has been around for years and is considered secure, with a well-established standard for wireless communication. For that reason, this vulnerability could be abused to compromise billions of devices worldwide. These may be laptops, smartphones, various kinds of internet-connected sensors and much more.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h2><span class=\"ez-toc-section\" id=\"ZASTITA\"><\/span><span style=\"font-size: 14pt;\"><strong>PROTECTION<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-size: 14pt;\">For devices that have an update available for this vulnerability, users should apply it immediately. For devices still waiting for a security update with this fix, users should monitor update availability and apply mitigations such as disabling <em>Bluetooth<\/em> connectivity when it is not in use.<\/span><\/p>","protected":false},"excerpt":{"rendered":"<p>Devices running the Android, Apple and Linux operating systems are vulnerable to a Bluetooth attack. 
This is a years-old authentication bypass vulnerability over a Bluetooth connection that allows malicious actors to connect&#46;&#46;&#46;<\/p>","protected":false},"author":1,"featured_media":5803,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[187,323,616,617,186,141,144],"class_list":["post-5799","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hronike","tag-android","tag-apple","tag-bluetooth","tag-cve-2023-45866","tag-ios","tag-linux","tag-macos"],"_links":{"self":[{"href":"http:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts\/5799","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/comments?post=5799"}],"version-history":[{"count":0,"href":"http:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts\/5799\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/media\/5803"}],"wp:attachment":[{"href":"http:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/media?parent=5799"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/categories?post=5799"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/tags?post=5799"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}