A variant of this attack works when bluetoothctl shows that bluetooth is
discoverable, pariable, and discovering (only a subset may be necessary). On
Ubuntu 22.04 Desktop this becomes true when the GNOME panel for
bluetooth settings is opened.
BlueZ's setting ClassicBondedOnly=true prevents this attack.
This parameter is not enabled in CVE-2020-0556 patches and all distros
I checked have not opted into this setting. Most members of the distros list
are likely affected.
Change-Id: Ib4883d1766d314bcd415308a9e4805e196462f3a
Signed-off-by: Wootak Jung <wootak.jung@samsung.com>
# device connections. Several older mice have been known for not supporting
# pairing/encryption.
# Defaults to false to maximize device compatibility.
-#ClassicBondedOnly=true
+ClassicBondedOnly=true
#ifndef TIZEN_FEATURE_BLUEZ_MODIFY
# LE upgrade security