Tech News

Serious vulnerability is detected in Linux that allows controlling the equipment via Bluetooth

Photo of qasim khizer Malik qasim khizer MalikOctober 17, 2020
0 1 minute read
Linux
Linux, bluetooth
Image by – DepositPhotos.com

Google has detailed the presence of a significant security flaw that affects Linux—allowing taking control of a computer through Bluetooth without further interaction.

Google has reported a serious security flaw affecting the Bluetooth stack on Linux kernel versions below Linux 5.9 that support BlueZ.

This vulnerability is known as BleedingTooth and affects the Bluetooth subsystem of Linux. If it exploits something that, at the moment, there is no knowledge of, it will allow the attacker to create an irrational code for Kernel rights. The end-user does not have to intervene to attack since the failure occurs if he activates Bluetooth.

BlueZ is the name for the software stack implemented by default to all Bluetooth protocols for Linux. Is it present in all laptops and Internet of Things (IoT) devices?

Google has shown the operation of the exploited failure through the video accompanying the news. Google adds, “it is a zero-click Linux Bluetooth remote code execution flaw.” We can see how the attack has been reproduced using a Ubuntu laptop’s commands to open the calculator on a second laptop in the video.

Intel stated that “incorrect input validation in BlueZ can allow an unauthenticated user to enable privilege escalation through adjacent access potentially.” Intel recommends updating the Linux kernel to version 5.10 or later.

In any case, the failure’s execution is not easy because the attacker must be in the Bluetooth range of the victim’s device.

According to Francis Perry of the Google Product Security Event Response Team. An intruder within the Bluetooth range who knows the device’s Bluetooth address (bd address) can create a code of dispute over kernel rights. BleedingTooth affects Linux kernel versions 5.8 and above but not Linux 5.9 and above.

“A remote attacker knowing the victim’s bd address can send a malicious l2cap packet. And cause service refusal or improper coding by kernel rights. Vicious Bluetooth chips can also pose a risk,” Perry wrote.

Read More:-

Windows 10 will change its kernel in real-time to protect against malware

Security Flaws in Virtualization Software: How to Mitigate Risks

Find The IP address of your Computer

The latest Chinese version of Xiaomi Mi 10 Lite in Characteristics: Find the Mi 10 Youth Edition

Photo of qasim khizer Malik qasim khizer MalikOctober 17, 2020
0 1 minute read
Photo of qasim khizer Malik

qasim khizer Malik

Related Articles

Spotify

Spotify launches on Its First Nationwide Campaign in Pakistan With “Jaisa Mood Waisi Dhun”

June 10, 2022
buy an ipad

Buy an iPad in 2020, what options do I have?

February 12, 2020
internet connection

Five Reasons why your Operator can expel you from the Internet Connection

February 17, 2020
Facebook Dark Mode

Facebook Dark Mode, At last releases on iOS

November 2, 2020

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button