Serious Linux vulnerability detected that allows a computer to be taken over via Bluetooth

Google has detailed a major security flaw that affects Linux and allows an attacker to take control of a computer via Bluetooth, without any user interaction.

Google has reported a serious security bug affecting the Bluetooth stack in Linux kernel versions below Linux 5.9 that support BlueZ.

This vulnerability is known as BleedingTooth and affects the Linux Bluetooth subsystem. If exploited, which is not known to have happened so far, it would allow an attacker to execute arbitrary code with kernel privileges. Worse, the user does not even have to intervene to be attacked, since the flaw is exposed whenever Bluetooth is enabled.

BlueZ, the software stack that implements the Bluetooth protocols on Linux by default, is present on all types of laptops and also on Internet of Things (IoT) devices.

Google has shown the bug being exploited in the video that accompanies the news. Google adds that "it is a zero-click Linux Bluetooth remote code execution failure", and in the video we can see how the attack has been reproduced using commands on a laptop running Ubuntu to open the calculator on a second laptop.

Intel states that "incorrect entry validation in BlueZ can allow an unauthenticated user to potentially enable privilege escalation through adjacent access." Intel recommends upgrading the Linux kernel to version 5.10 or later.

In any case, exploiting the flaw is not simple, because the attacker has to be within Bluetooth range of the victim's device.
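
To triage a host against Intel's advice to run kernel 5.10 or later, the following sketch (an added example, not code from Google or Intel) compares the running kernel release with 5.10 and counts Bluetooth controllers registered under `/sys/class/bluetooth`. The function names and verdict words are illustrative assumptions, and because distributions backport fixes, a release below 5.10 means "check the vendor advisory", not "confirmed vulnerable".

```shell
#!/bin/sh
# Added example: triage a host against the "upgrade to 5.10 or later" advice.
# Function names and verdict strings are hypothetical, chosen for this sketch.

# kernel_below_510 RELEASE
# Exit 0 if RELEASE (uname -r format) is older than 5.10, 1 if not, 2 if unparseable.
kernel_below_510() {
    rel=${1%%-*}                      # drop suffixes such as "-42-generic" or "-rc3"
    case $rel in *.*) ;; *) return 2 ;; esac
    major=${rel%%.*}
    rest=${rel#*.}
    minor=${rest%%.*}
    minor=${minor%%[!0-9]*}           # tolerate trailing "+" and similar markers
    case "$major" in ''|*[!0-9]*) return 2 ;; esac
    case "$minor" in '') return 2 ;; esac
    [ "$major" -lt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -lt 10 ]; }
}

# bt_adapter_count [SYSFS_DIR]
# Print how many hciN controllers the kernel has registered.
bt_adapter_count() {
    dir=${1:-/sys/class/bluetooth}
    n=0
    for d in "$dir"/hci*; do
        if [ -e "$d" ]; then n=$((n + 1)); fi
    done
    echo "$n"
}

# assess RELEASE ADAPTERS
# Print one verdict word for the combination of kernel release and adapter count.
assess() {
    rc=0
    kernel_below_510 "$1" || rc=$?
    case $rc in
        0) if [ "$2" -gt 0 ]; then echo "review"; else echo "no-adapter"; fi ;;
        1) echo "meets-5.10" ;;
        *) echo "unknown-version" ;;
    esac
}

# Report on the machine the script runs on.
assess "$(uname -r)" "$(bt_adapter_count)"
```

A verdict of `review` means the release is below 5.10 and at least one controller is present, so the distribution's advisory for BleedingTooth should be consulted for that kernel package.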
