
#BHUSA: Android Phones at Risk of BlueRepli Bluetooth Attack - clairity
https://www.infosecurity-magazine.com/news/bhusa-android-risk-bluetooth/
======
clairity
anyone else getting hit with rogue bluetooth devices connecting to your own
devices/computers? i found this article from a cursory search after observing
an attack on my mac (i'm doubtful it's the attack on my machine though).

with apple's concerted push over the past few years, i now begrudgingly leave
bluetooth mostly on, which admittedly is a security risk.

but only recently have i had a real, known issue crop up. in the past few
weeks, i have had a OnePlus 7T device (or at least claiming to be so)
continuously connect to my macbook pro (2015 15", mojave 10.14.6). the first
couple times, i just disconnected and assumed it was a mistaken mispairing.

but this morning, i've been monitoring this device as it repeated connects. it
can pair with my mac without user interaction and will re-pair if i disconnect
it. i'll then force remove it as a known device, but it's still able to pair
again. once i force remove it a couple times, it changes MAC addresses and
then starts the cycle all over again. these don't show up as bluetooth devices
on my iOS devices, but do show up as a bunch of "Misc" entries on my (older)
android device. i live in a medium density area so it's very possible this is
someone else's device leaking over.

does anyone know what this is and how to counter it? i'm guessing it's a worm
of some sort, but have no obvious way to delve deeper.

