Re: [BlueZ PATCH 0/2] HID and HOGP connections from non-bonded devices.

Hi Alain,

> It was discovered that BlueZ's HID and HOGP profile implementations
> don't specifically require bonding between the device and the host.
> 
> This creates an opportunity for a malicious device to connect to a
> target host to either impersonate an existing HID device without
> security or to cause an SDP or GATT service discovery to take place
> which would allow HID reports to be injected into the input subsystem from
> a non-bonded source.
> 
> This patch series addresses the issue by ensuring that only connections
> from devices that are bonded are accepted by the HID and HOGP profile
> implementation.
> 
> More information about the vulnerability is available here:
> https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.html
> 
> Alain Michaud (2):
>  HOGP must only accept data from bonded devices.
>  HID accepts bonded device connections only.
> 
> profiles/input/device.c   | 23 ++++++++++++++++++++++-
> profiles/input/device.h   |  1 +
> profiles/input/hog.c      |  4 ++++
> profiles/input/input.conf |  8 ++++++++
> profiles/input/manager.c  | 13 ++++++++++++-
> 5 files changed, 47 insertions(+), 2 deletions(-)

Both patches have been applied.

However, I changed the BrBondedOnly configuration name to ClassicBondedOnly since that name seemed more obvious to me. The prefix Br has never been used and the Bluetooth SIG started calling it Classic a while back.

Regards

Marcel
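
The following is an added example, not part of this thread or of BlueZ's own code: a small audit that checks whether an `input.conf` sets the bonded-only option under the name that was actually applied (`ClassicBondedOnly`) rather than the name in the series as posted (`BrBondedOnly`). The install path `/etc/bluetooth/input.conf`, the `[General]` section name, and the accepted boolean spellings are assumptions; the sample file is constructed.

```python
import configparser
import os

CONF_PATH = "/etc/bluetooth/input.conf"  # assumed install location
SECTION = "General"                      # assumed section name

def audit_input_conf(text):
    """Classify the bonded-only setting found in input.conf text."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep key case: ClassicBondedOnly != classicbondedonly
    try:
        cp.read_string(text)
    except configparser.Error as exc:
        return ("error", "cannot parse: %s" % type(exc).__name__)
    general = dict(cp[SECTION]) if cp.has_section(SECTION) else {}
    value = general.get("ClassicBondedOnly")
    if value is not None:
        # Assumption: boolean written as true/false or 1/0.
        if value.strip() in ("true", "1"):
            return ("enforced", "ClassicBondedOnly=%s" % value)
        return ("disabled", "ClassicBondedOnly=%s" % value)
    if "BrBondedOnly" in general:
        # Name from the series as posted; renamed when the patches were applied.
        return ("legacy-name",
                "BrBondedOnly is set but the applied name is ClassicBondedOnly")
    # Commented-out or missing key: the built-in default applies, and this
    # thread does not say what that default is.
    return ("unset", "ClassicBondedOnly not set explicitly")

# Constructed sample: a file written against the series as originally posted.
SAMPLE_LEGACY = """\
[General]
# bonded-only HID, copied from the posted patch
BrBondedOnly=true
#ClassicBondedOnly=true
"""

if __name__ == "__main__":
    if os.path.exists(CONF_PATH):
        with open(CONF_PATH) as fh:
            print(CONF_PATH, audit_input_conf(fh.read()))
    print("sample", audit_input_conf(SAMPLE_LEGACY))
```

A result of `legacy-name` or `unset` means the file does not explicitly turn on the bonded-only check for classic HID connections.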



