9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform.
In a Bluetooth Impersonation Attack (or BIAS), hackers can exploit weaknesses in the Bluetooth protocol to impersonate a trusted device. “BOSE QC Headphones” in the Bluetooth menu could be a low-orbiting ion cannon waiting for an end-user to connect to it before unleashing all sorts of damage.
This week, I want to again share how hackers can use Flipper Zero to send sneaky keystrokes to a Mac if a victim connects to a potentially malicious Bluetooth device. This isn’t going to be a complete tutorial since there are tons of guides out there already. Instead, I want to point out how easy it is to pull this off, to make you a bit more paranoid.
Out of the box, Flipper Zero is a pretty harmless pen-testing tool. However, since the device is open source, it can be modified with third-party firmware (in this case, Xtreme) that provides an array of applications that take advantage of the device’s feature-rich hardware. This is the same Xtreme that was making headlines in 2023 with its ability to crash iPhones with fake BLE pairing sequences.
Also baked in is a wireless rubber ducky keyboard called “Bad USB” that works on BLE (Bluetooth Low Energy). It’s primarily used for automating tasks or testing device security by simulating a keyboard, entering keystrokes, and executing scripts much faster than a human can. This, in combination with BLE’s 100-meter range, also makes it an attractive tool for hackers.
It took me just four steps and 20 minutes to execute a script to rickroll my MacBook Air.
1. Open the Bad USB module on Flipper Zero with Xtreme firmware installed.
2. Upload your payload of choice to the Flipper. I created my own .txt script to open YouTube.
3. Pick a clever Bluetooth device name and connect to it. I live in a dense area of the city, so I kept mine the default (BadUSB At1l1).
4. Once shown as paired, I executed the payload.
It’s not just Macs. This attack can also be carried out on iPhone, iPad, and Windows devices. Of course, attackers could inflict much worse than a rickroll.
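Added example, not from the original article: because a scripted Bluetooth keyboard enters keystrokes "much faster than a human can," a defender can flag bursts of key events whose timing is too fast or too regular to be human. The thresholds, function names and sample events below are assumptions constructed for illustration, and the key-down timestamps are assumed to come from an endpoint agent or input-monitoring hook.

```python
from statistics import mean, pstdev

# Assumed thresholds, to be tuned per environment.
MAX_MEAN_GAP_MS = 35.0   # sustained typing faster than this is not human
MAX_JITTER_MS = 5.0      # humans are never this regular between keys
MIN_BURST_LEN = 12       # ignore shortcuts and other short bursts
BURST_BREAK_MS = 500.0   # a pause this long starts a new burst


def split_bursts(events):
    """Group (time_ms, key) events into bursts separated by long pauses."""
    bursts, current = [], []
    for event in sorted(events):
        if current and event[0] - current[-1][0] > BURST_BREAK_MS:
            bursts.append(current)
            current = []
        current.append(event)
    if current:
        bursts.append(current)
    return bursts


def suspicious_bursts(events):
    """Return (start_ms, key_count, mean_gap_ms, jitter_ms) per flagged burst."""
    findings = []
    for burst in split_bursts(events):
        # Skip short bursts and held-key auto-repeat (one key, very regular).
        if len(burst) < MIN_BURST_LEN or len({k for _, k in burst}) < 3:
            continue
        times = [t for t, _ in burst]
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg, jitter = mean(gaps), pstdev(gaps)
        if avg <= MAX_MEAN_GAP_MS or jitter <= MAX_JITTER_MS:
            findings.append((times[0], len(burst), round(avg, 1), round(jitter, 1)))
    return findings


def build_sample():
    """Constructed input: human typing, a 2 s pause, then an 8 ms/key burst."""
    human_gaps = [140, 95, 210, 120, 180, 160, 105, 230, 130, 170, 90, 200, 150, 115]
    events, t = [], 0.0
    for key, gap in zip("open the report", [0] + human_gaps):
        t += gap
        events.append((t, key))
    t += 2000.0
    for key in "INJECTED-PAYLOAD-PLACEHOLDER":
        events.append((t, key))
        t += 8.0
    return events
```

Calling `suspicious_bursts(build_sample())` flags only the second burst. A script that deliberately inserts randomized delays will evade this heuristic, so treat it as one signal alongside alerts on newly paired keyboard-class devices.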
Victim’s POV
What the victim (my MacBook Air) sees after the attacker (me) executes a custom script from Flipper.