Google has detailed a significant security flaw affecting Linux that allows an attacker to take control of a computer over Bluetooth without any user interaction.
Google has reported a serious security flaw affecting the Bluetooth stack on Linux kernel versions below Linux 5.9 that support BlueZ.
This vulnerability is known as BleedingTooth and affects the Bluetooth subsystem of Linux. If exploited, which at the moment is not known to have happened, it would allow the attacker to execute arbitrary code with kernel privileges. The end user does not have to take any action for the attack to work, since the flaw can be triggered whenever Bluetooth is activated.
BlueZ is the name of the software stack that implements, by default, all Bluetooth protocols for Linux. It is present in laptops and Internet of Things (IoT) devices alike.
Google has demonstrated exploitation of the flaw in the video accompanying the news. Google adds, “it is a zero-click Linux Bluetooth remote code execution flaw.” In the video, the attack is reproduced by running commands on an Ubuntu laptop to open the calculator on a second laptop.
Intel stated that “incorrect input validation in BlueZ can allow an unauthenticated user to enable privilege escalation through adjacent access potentially.” Intel recommends updating the Linux kernel to version 5.10 or later.
In any case, exploiting the flaw is not easy, because the attacker must be within Bluetooth range of the victim’s device.
According to Francis Perry of the Google Product Security Event Response Team, an intruder within Bluetooth range who knows the device’s Bluetooth address (bd address) can execute arbitrary code with kernel privileges. BleedingTooth affects Linux kernel versions 5.8 and above, but not Linux 5.9 and above.
“A remote attacker knowing the victim’s bd address can send a malicious l2cap packet and cause service refusal or improper coding by kernel rights. Vicious Bluetooth chips can also pose a risk,” Perry wrote.
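A host triage check for the kernel versions cited above, as an added example that is not from the article, Google or Intel: it classifies a kernel release string against the 5.9 and 5.10 thresholds and looks for a registered controller under `/sys/class/bluetooth`. The function names are this example's own, and because distribution kernels often carry backported fixes, the version string is only a first filter.

```sh
#!/bin/sh
# Added example (not from the article). Thresholds are the ones the article cites:
# Google: "below Linux 5.9"; Intel: "update to 5.10 or later".
# Function names are hypothetical. Distribution kernels often backport fixes,
# so a "review" result means: check the vendor advisory for this kernel build.

# classify_kernel RELEASE -> below-5.9 | 5.9 | 5.10-or-later | unparsed
classify_kernel() (
    rel=$1
    major=${rel%%.*}              # text before the first dot
    rest=${rel#*.}                # text after the first dot
    minor=${rest%%[!0-9]*}        # leading digits of that remainder
    case "$rel" in *.*) ;; *) major= ;; esac        # no dot at all: reject
    case "$major" in ''|*[!0-9]*) minor= ;; esac    # non-numeric major: reject
    if [ -z "$minor" ]; then
        echo unparsed
    elif [ "$major" -lt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -lt 9 ]; }; then
        echo below-5.9
    elif [ "$major" -eq 5 ] && [ "$minor" -eq 9 ]; then
        echo 5.9
    else
        echo 5.10-or-later
    fi
)

# has_bt_adapter [SYSFS_DIR] -> exit 0 if at least one hciN controller is registered
has_bt_adapter() (
    for entry in "${1:-/sys/class/bluetooth}"/hci*; do
        [ -e "$entry" ] && exit 0
    done
    exit 1
)

# bt_triage [RELEASE] [SYSFS_DIR] -> one line: ok / check / review
bt_triage() (
    rel=${1:-$(uname -r)}
    state=$(classify_kernel "$rel")
    if ! has_bt_adapter "${2:-/sys/class/bluetooth}"; then
        echo "ok: no Bluetooth controller registered (kernel $rel)"
    elif [ "$state" = 5.10-or-later ]; then
        echo "ok: controller present, kernel $rel meets Intel's 5.10-or-later advice"
    elif [ "$state" = unparsed ]; then
        echo "check: controller present, kernel release '$rel' not understood"
    else
        echo "review: controller present, kernel $rel ($state) predates 5.10"
    fi
)

bt_triage   # run against this host
```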