Kali Linux: Ethical Hacking Getting Started Course - Android Bluetooth Hacking

Big thank you to Brilliant for sponsoring this video! Try Brilliant for free (for 30 days) and to get a 20% discount, visit: https://Brilliant.org/DavidBombal CVE-2023-45866 allows attackers to remotely control an Android phone (and other devices) without pairing. Details: Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue. Source: Mitre See CVE details here: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45866 https://nvd.nist.gov/vuln/detail/CVE-2023-45866 How to stop / mitigate this attack: 1) Upgrade your phone / install security patches on Android for versions 11 and later. Unfortunately earlier versions cannot be patched (Android 10 and earlier) 2) Note: For the script to discover the MAC address of the phone, the phone needs to be in pairing mode. 3) Turn off Bluetooth if not being used // Script and instructions here // GitHub: https://github.com/pentestfunctions/BlueDucky // Occupy The Web Books // Linux Basics for Hackers: US: https://amzn.to/3wqukgC UK: https://amzn.to/43PHFev Getting Started Becoming a Master Hacker US: https://amzn.to/4bmGqX2 UK: https://amzn.to/43JG2iA Network Basics for hackers: US: https://amzn.to/3yeYVyb UK: https://amzn.to/4aInbGK // OTW Discount // Use the code BOMBAL to get a 20% discount off anything from OTW's website: https://hackers-arise.net/ // Occupy The Web SOCIAL // X: https://twitter.com/three_cube Website: https://hackers-arise.net/ // GitHub CODE // https://github.com/pybluez/pybluez // Amazon LINKS // Rasberry Pi 5: US: https://amzn.to/3JZKoZD UK: https://amzn.to/3JTBixC ASUS USB/BT-500USB US: https://amzn.to/4abnPfl UK: https://amzn.to/3QDsOOO // Playlists REFERENCE // Linux Basics for Hackers: https://www.youtube.com/watch?v=YJUVNlmIO6E&list=PLhfrWIlLOoKOs-fjCPHdzD2icF2vORfwK&pp=iAQB Mr Robot: https://www.youtube.com/watch?v=3yiT_WMlosg&list=PLhfrWIlLOoKNYR8uvEXSAzDfKGAPIDB8q&pp=iAQB Hackers Arise / Occupy the Web Hacks: https://www.youtube.com/watch?v=GxkKszPVD1M&list=PLhfrWIlLOoKOf1Ru_TFAnubVuWc87i-7z&pp=iAQB // David's SOCIAL // Discord: https://discord.com/invite/usKSyzb X: https://www.twitter.com/davidbombal Instagram: https://www.instagram.com/davidbombal LinkedIn: https://www.linkedin.com/in/davidbombal Facebook: https://www.facebook.com/davidbombal.co TikTok: http://tiktok.com/@davidbombal YouTube: https://www.youtube.com/@davidbombal // MY STUFF // https://www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: [email protected] // MENU // Hacking Wordpress Websites with Python in seconds (using the Dark Web and Telegram data) 00:00 - Bluetooth hacking quick demo 03:05 - Brilliant sponsored segment 03:57 - The Bluetooth vulnerability explained // OccupyTheWeb 05:26 - How the vulnerability works 08:16 - Bluetooth hacking demo 09:26 - Setting up for the hack // BlueZ 12:12 - BlueZ tools demo 13:50 - Scanning for Bluetooth devices 17:58 - Other tools 23:20 - Running BlueDucky // Hacking Bluetooth demo 25:50 - The possibilities of Bluetooth hacking 28:04 - Older Android versions are at risk // Keeping devices up to date 30:17 - Bluetooth hacking for other operating systems 30:52 - Hacking Bluetooth speakers 34:04 - OTW books & plans for future videos 34:52 - Conclusion android iphone bluetooth raspberry pi macos windows samsung pixel google apple microsoft linux ubuntu blue tooth flipper zero google pixel ble Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! Disclaimer: This video is for educational purposes only. #android #iphone #bluetooth