
SoylentNews is people

BleedingTooth: Critical Kernel Bluetooth Vulnerability

posted by takyon on Saturday October 17, @02:00AM
from the bloody-gums dept.
Security

BleedingTooth

Mojibake Tengu writes:

BleedingTooth: Linux Bluetooth Zero-Click Remote Code Execution

This one will be big. More links in the link

https://twitter.com/theflow0/status/1316071793707364353?

BleedingTooth: critical kernel Bluetooth vulnerability

An Anonymous Coward writes:

BlueZ Advisory: Severity rating, HIGH - All Linux kernel versions before 5.9 that support BlueZ

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html
https://web.archive.org/web/20201014200119/https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html
https://lwn.net/Articles/834297/#Comments

The latest security information on Intel® products.
BlueZ Advisory
Intel ID: INTEL-SA-00435
Advisory Category: Software
Impact of vulnerability: Escalation of Privilege, Information Disclosure
Severity rating: HIGH
Original release: 10/13/2020
Last revised: 10/13/2020
Summary:

Potential security vulnerabilities in BlueZ may allow escalation of privilege or information disclosure. BlueZ is releasing Linux kernel fixes to address these potential vulnerabilities.
Vulnerability Details:

-----------------
http://www.bluez.org/
https://github.com/google/security-research/security/advisories/GHSA-h637-c88j-47wq
https://github.com/google/security-research/security/advisories/GHSA-7mh3-gq28-gfrq
https://github.com/google/security-research/security/advisories/GHSA-ccx2-w2r4-x649

Google Warns of Severe 'BleedingTooth' Bluetooth Flaw in Linux Kernel

upstart writes in with an IRC submission for Fnord666:

Google warns of severe 'BleedingTooth' Bluetooth flaw in Linux kernel

BleedingTooth: Vulnerabilities in Linux Bluetooth Allow Zero-Click Attacks:

A remote attacker within short range of a vulnerable device can trigger the flaw through broadcasting extended advertising data. This could lead to denial of service or even arbitrary code execution with kernel privileges.

Only devices that feature Bluetooth 5 chips and which are in scanning mode are vulnerable to this flaw, but an attacker could also use malicious chips to trigger the vulnerability, Google's researchers note.

BleedingTooth: Linux Bluetooth Zero-Click Remote Code Execution (24s video)

Original Submission #1, Original Submission #2, Original Submission #3
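A first-pass host triage built on the conditions quoted above (kernel before 5.9, Bluetooth present), as an added example that is not part of the original story or of any advisory. The function names are hypothetical, `/proc/modules` and `/sys/class/bluetooth` are the assumed inputs, and scanning state is not checked.

```shell
#!/bin/sh
# Added example: first-pass BleedingTooth exposure triage (not vendor tooling).
# The 5.9 threshold is the one stated in the advisory text above; distribution
# kernels may carry backported fixes, so REVIEW means "check the vendor advisory".

# kernel_before_5_9 RELEASE: 0 if RELEASE < 5.9, 1 if >= 5.9, 2 if unparsable.
kernel_before_5_9() {
    rel=${1%%[!0-9.]*}                 # "5.4.0-48-generic" -> "5.4.0"
    case $rel in *.*) ;; *) return 2 ;; esac
    major=${rel%%.*}; rest=${rel#*.}; minor=${rest%%.*}
    for n in "$major" "$minor"; do
        case $n in ''|*[!0-9]*) return 2 ;; esac
    done
    [ "$major" -lt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -lt 9 ]; }
}

# bluetooth_loaded FILE: 0 if the core "bluetooth" module appears in a
# /proc/modules-format file. A built-in stack is not listed there.
bluetooth_loaded() {
    [ -r "$1" ] && grep -q '^bluetooth ' "$1"
}

# controllers_present DIR: 0 if any hciN controller is registered under DIR
# (normally /sys/class/bluetooth); this also catches a built-in stack.
controllers_present() {
    for c in "$1"/hci*; do
        [ -e "$c" ] && return 0
    done
    return 1
}

# assess RELEASE MODULES_FILE SYSFS_DIR: print a one-line verdict.
assess() {
    k=0; kernel_before_5_9 "$1" || k=$?
    if [ "$k" -eq 2 ]; then
        echo "UNKNOWN: cannot parse kernel release '$1'"
    elif ! bluetooth_loaded "$2" && ! controllers_present "$3"; then
        echo "LOW: no Bluetooth module or controller found"
    elif [ "$k" -eq 0 ]; then
        echo "REVIEW: kernel $1 predates 5.9 and Bluetooth is present"
    else
        echo "OK: kernel $1 is 5.9 or later"
    fi
}

# Defaults inspect the running host; pass arguments to test other inputs.
assess "${1:-$(uname -r)}" "${2:-/proc/modules}" "${3:-/sys/class/bluetooth}"
```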




  • (Score: 0) by Anonymous Coward on Saturday October 17, @03:20AM

    by Anonymous Coward on Saturday October 17, @03:20AM (#1065714)

    Has it finally matured? I know there are still douchebags walking around with wireless earpieces shouting up like loonies with loose screws talking to themselves, but all my Bluetooth device experiences have been disappointing, an immature tech with intermittent cut-off, failing to pair up, etc.

  • (Score: 2) by coolgopher on Saturday October 17, @04:58AM (8 children)

    by coolgopher (1157) on Saturday October 17, @04:58AM (#1065734)

    I mean, is anyone even using that stack? Last time I looked the documentation was next to non-existent, and even the developers themselves were recommending people just write wrapper scripts around the few command line tools that come with BlueZ.

    • (Score: 3, Interesting) by Mojibake Tengu on Saturday October 17, @06:42AM (7 children)

      by Mojibake Tengu (8598) on Saturday October 17, @06:42AM (#1065743) Journal

      Meanwhile, ChromeOS is reverting to BlueZ because NewBlue project failed...

      https://www.androidpolice.com/2020/09/14/the-rise-and-fall-of-newblue-googles-attempt-to-fix-bluetooth-on-chrome-os/ [androidpolice.com]

      --
      The edge of 太玄 cannot be defined, for it is beyond every aspect of design

      • (Score: 0) by Anonymous Coward on Saturday October 17, @08:36AM (6 children)

        by Anonymous Coward on Saturday October 17, @08:36AM (#1065760)

        That seems odd. Didn't they have another implementation they use for Android or did that fail too? All I know is I spoke to someone who worked with Bluetooth once, and his take on it was that the specification and documentation were so long, convoluted, and complicated that he wasn't even sure the designers grasped all of it.

        • (Score: 1, Interesting) by Anonymous Coward on Saturday October 17, @11:17AM (4 children)

          by Anonymous Coward on Saturday October 17, @11:17AM (#1065778)

          It's definitely a "design by committee" tech. It had a great idea for the opening act. Low power, short range, modestly low data rates. Not quite dedicated to audio, but lots of audio support.
          Then it grew. People wanted more range, more bandwidth, etc... so they kept updating it.

          From the original 3m range, bluetooth 5.0 has been expanded up to 400m and over 40x the power usage.

          • (Score: 4, Touché) by acid andy on Saturday October 17, @12:47PM (3 children)

            by acid andy (1683) on Saturday October 17, @12:47PM (#1065788) Homepage Journal

            From the original 3m range, bluetooth 5.0 has been expanded up to 400m and over 40x the power usage.

            What the hell does that give you that Wi-Fi doesn't? It should have remained a very short range protocol. Increasing the range massively increases the likelihood of an attacker being within range.

            --
            May you live in boring times.

            • (Score: 0) by Anonymous Coward on Saturday October 17, @05:45PM (2 children)

              by Anonymous Coward on Saturday October 17, @05:45PM (#1065863)

              Probably for bluetooth speakers.

              • (Score: 0) by Anonymous Coward on Saturday October 17, @08:42PM (1 child)

                by Anonymous Coward on Saturday October 17, @08:42PM (#1065898)

                Probably for bluetooth speakers.

                That's all you can think of? Trivially offhand I can think of many use cases where point to point connections / mesh topology / peering is better suited than hubs and hierarchic networking, for very physical reasons, e.g.:

                • Connection to a car "down the block",
                • field cameras and deercams out in the yard and across the creek,
                • intrahouse intercom,
                • distributed and moving sensors like animal trackers

                Consider a herd of cattle. "Is everyone in the herd within 400m" and "who in the herd last saw Cow 42" are both useful inputs when trying to monitor losses, and decentralized low-power peering on collars like this provides that very well.

                Fun thought: ringing the triangle to get the cows to come home to feed water and lie up for the night might be replaced with a collar beeper.

                • (Score: 0) by Anonymous Coward on Saturday October 17, @09:49PM

                  by Anonymous Coward on Saturday October 17, @09:49PM (#1065913)

                  Most of your examples would probably use Zigbee or the like for lower power consumption and greater range. The house intercom would likely just be simple radio transmission over an unlicensed band like 27MHz or 900MHz, as it is cheap and proven (it is how these things work today).

                  The use cases will be things connecting a smart phone to the product from a distance that might cover a single family residence that isn't better served by wifi-- yeah, the only thing I can think of is speakers.

        • (Score: 0) by Anonymous Coward on Saturday October 17, @09:08PM

          by Anonymous Coward on Saturday October 17, @09:08PM (#1065907)

          Before 2012 Android used BlueZ (GPL), then switched to BlueDroid (MIT) and later renamed it Fluoride https://en.wikipedia.org/wiki/Bluetooth_stack#BlueDroid/Fluoride [wikipedia.org]. At first it was not good, but maybe it improved since then https://lwn.net/Articles/597293/ [lwn.net]

  • (Score: 0) by Anonymous Coward on Sunday October 18, @12:20AM

    by Anonymous Coward on Sunday October 18, @12:20AM (#1065951)

    It's almost like someone was paying Poettering to introduce new attack surfaces.
