Bluetooth has long been one of the most widely used communication protocols because of the ease it offers. However, vulnerabilities have been discovered in it in the past, and 3 more have surfaced recently.
Discovered by Andy Nguyen, a researcher and Google engineer, they have been collectively dubbed BleedingTooth and make devices vulnerable to remote code execution (RCE) without any clicks.
A caveat is that only Linux devices can be targeted this way. Nonetheless, it is still pretty lethal, as privilege escalation is a possibility when the flaw is exploited.
Going into detail, the vulnerability is found in BlueZ, the software responsible for all Bluetooth-based connections and other implementations on Linux systems. Andy explains:
[It allows an] unauthenticated remote attacker in short distance to execute arbitrary code with kernel privileges on vulnerable devices.
Beyond this, information could also be stolen due to a lack of proper access controls in BlueZ, and denial of service (DoS) attacks may be executed “via adjacent access,” as detailed in an Intel security advisory.
Andy has also uploaded a demonstration of the attack in progress to YouTube.
To conclude, seeing the seriousness of it, In ..