BleedingTooth Bluetooth vulnerability allows RCE in Linux devices

 hackread.com  10/16/2020 16:36:56 

Bluetooth has long been one of the most used communication protocols because of its ease of use. However, vulnerabilities have been discovered in it in the past, and 3 more surfaced recently.

Discovered by Andy Nguyen, a researcher and Google engineer, they have been collectively dubbed BleedingTooth and make devices vulnerable to remote code execution (RCE) without any clicks.

A caveat is that only Linux devices can be targeted this way. Nonetheless, it is still pretty lethal, as privilege escalation is a possibility when the flaw is exploited.


Going into detail, the vulnerability is found in BlueZ, the software responsible for all Bluetooth-based connections and other implementations on Linux systems. Andy explains:

[It allows an] unauthenticated remote attacker in short distance to execute arbitrary code with kernel privileges on vulnerable devices.

Not only this, but information could also be stolen due to a lack of proper access controls in BlueZ, and denial of service (DoS) attacks may be executed “via adjacent access”, as detailed by an Intel security advisory.

Andy has also uploaded a demonstration of the attack to YouTube.

To conclude, given its seriousness, Intel has ranked one of the vulnerabilities (CVE-2020-12351) as highly severe, with a score of 8.3/10.

The good news is that security patches have already been issued, so if you are on a Linux system, make sure it is upgraded.


Nonetheless, all users should still check manually that their particular version of Linux has received the patch. If not, the safest option may be to disable Bluetooth entirely, or to install the kernel fixes manually.
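One way to do the manual check described above, as an added example rather than code from the article or the BlueZ project: it prints the running kernel release, to compare against your distribution's advisory for CVE-2020-12351, and reports whether a Bluetooth radio is currently usable. The `bt_exposure` function and its optional root-directory argument are hypothetical names; the sysfs rfkill and `/proc/modules` paths are the standard Linux ones.

```shell
#!/bin/sh
# Added example: classify a host's Bluetooth exposure from sysfs/procfs.
# The optional argument is a hypothetical root prefix so the check can run
# against a copied or constructed filesystem tree; on a live host omit it.

bt_exposure() {
    root="${1:-}"
    found=0
    unblocked=0
    for dev in "$root"/sys/class/rfkill/rfkill*; do
        [ -r "$dev/type" ] || continue
        [ "$(cat "$dev/type")" = "bluetooth" ] || continue
        found=1
        soft=$(cat "$dev/soft" 2>/dev/null || echo 0)
        hard=$(cat "$dev/hard" 2>/dev/null || echo 0)
        # A radio is usable only when neither the soft nor the hard block is set.
        if [ "$soft" = "0" ] && [ "$hard" = "0" ]; then
            unblocked=1
        fi
    done

    # A Bluetooth stack built into the kernel (not modular) is not listed here.
    loaded=0
    if grep -q '^bluetooth ' "$root/proc/modules" 2>/dev/null; then
        loaded=1
    fi

    if [ "$unblocked" = 1 ]; then
        echo "exposed"       # radio usable: patch status matters most here
    elif [ "$found" = 1 ]; then
        echo "blocked"       # radio present but rfkill-blocked
    elif [ "$loaded" = 1 ]; then
        echo "module-only"   # module loaded, no Bluetooth radio registered
    else
        echo "absent"        # no Bluetooth radio and module not loaded
    fi
}

# Live-host report: kernel release to compare against the distro's advisory.
echo "kernel: $(uname -r)  bluetooth: $(bt_exposure)"
```

A result of `exposed` on a kernel your distribution has not yet patched marks the hosts where disabling Bluetooth matters most.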
