Dangerous Bluetooth vulnerability found in Linux

Posted on Thursday, October 15 2020 @ 16:30 CEST by Thomas De Maesschalck
Security researchers from Google and Intel discovered a high-severity security vulnerability in Linux. The bug concerns BlueZ, a software stack that implements all Bluetooth core protocols and layers for Linux. Attackers can exploit the vulnerability to execute arbitrary code with kernel privileges. The only catch is that the attacker needs to be within Bluetooth range. BlueZ is used by Linux-based laptops as well as various Internet of Things devices. Android (version 4.2 or higher) devices don't use BlueZ.

Ars Technica says the real-world risk is pretty low:
“I don’t really worry about bugs like these,” Dan Guido, mobile security specialist and the CEO of security firm Trail of Bits, told me. “I’m glad someone is finding them and getting them fixed, but it’s not a big concern for me.”

The lack of real-world risk is a good thing. Many IoT devices receive few if any security updates, making it likely that many devices used in both homes and businesses will remain vulnerable to BleedingTooth for the rest of the time they’re used. Many of these devices were likely already vulnerable to BlueBorne and several other security bugs that have bitten Bluetooth in the past. So far, there are no reports of any of them being actively exploited.

