A security vulnerability has been discovered in the Bluetooth stack used in IGEL OS. This affects the following IGEL products:
IGEL OS 12
IGEL OS 11
Details
It has been found that BlueZ does not properly restrict non-bonded devices from injecting Human Interface Device (HID) events into the input subsystem. This could allow a physically proximate attacker to inject keystrokes and mouse events – and execute arbitrary commands when the device is discoverable.
Mitigation
Use wired USB devices for keyboard and mouse.
Disable Bluetooth in Setup Devices > Bluetooth.
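To confirm that the mitigation took effect on a Linux host running BlueZ, the adapter state can be read from `bluetoothctl show`. The script below is an added example, not part of IGEL's advisory; it assumes shell access and that `bluetoothctl` is present on the device. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify each BlueZ controller listed by `bluetoothctl show`.
# Reads that output on stdin and prints "<address> <state>" per controller:
#   exposed  powered and discoverable (the condition the advisory names)
#   powered  Bluetooth is still on, so the "disable Bluetooth" step is not applied
#   off      adapter is powered down
bt_exposure() {
    awk '
        function emit() {
            if (addr == "") return
            state = "off"
            if (powered == "yes") state = "powered"
            if (powered == "yes" && discoverable == "yes") state = "exposed"
            print addr, state
        }
        # A "Controller <addr> ..." line starts a new adapter record.
        $1 == "Controller"    { emit(); addr = $2; powered = "no"; discoverable = "no"; next }
        # Exact match, so "DiscoverableTimeout:" and "PowerState:" are ignored.
        $1 == "Powered:"      { powered = $2 }
        $1 == "Discoverable:" { discoverable = $2 }
        END { emit() }
    '
}

# Constructed sample of `bluetoothctl show` output (not captured from a real device).
sample_bt_show() {
cat <<'EOF'
Controller 00:11:22:33:44:55 thinclient [default]
    Name: thinclient
    Powered: yes
    Discoverable: yes
    DiscoverableTimeout: 0x000000b4
    Pairable: yes
Controller 66:77:88:99:AA:BB spare
    Name: spare
    Powered: no
    Discoverable: no
EOF
}

# With --live, inspect the real adapters; otherwise run on the sample.
case "${1:-}" in
    --live) bluetoothctl show | bt_exposure ;;
    *)      sample_bt_show | bt_exposure ;;
esac
```

After Bluetooth has been disabled, a `--live` run should report every controller as `off` or print nothing.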
Update Instructions
OS 12: Update to OS 12 base system app version 12.3.1 (planned to be released on 6 Feb 2024).
OS 11: IGEL is preparing an OS 11 release with fixed Bluetooth.