BleedingTooth
BleedingTooth: Linux Bluetooth Zero-Click Remote Code Execution
https://twitter.com/theflow0/status/1316071793707364353?
BleedingTooth: critical kernel Bluetooth vulnerability
BlueZ Advisory: Severity rating, HIGH - All Linux kernel versions before 5.9 that support BlueZ
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html
https://web.archive.org/web/20201014200119/https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html
https://lwn.net/Articles/834297/#Comments
BlueZ Advisory
Intel ID: INTEL-SA-00435
Advisory Category: Software
Impact of vulnerability: Escalation of Privilege, Information Disclosure
Severity rating: HIGH
Original release: 10/13/2020
Last revised: 10/13/2020
Summary:
Potential security vulnerabilities in BlueZ may allow escalation of privilege or information disclosure. BlueZ is releasing Linux kernel fixes to address these potential vulnerabilities.
Vulnerability Details:
http://www.bluez.org/
https://github.com/google/security-research/security/advisories/GHSA-h637-c88j-47wq
https://github.com/google/security-research/security/advisories/GHSA-7mh3-gq28-gfrq
https://github.com/google/security-research/security/advisories/GHSA-ccx2-w2r4-x649
Google Warns of Severe 'BleedingTooth' Bluetooth Flaw in Linux Kernel
BleedingTooth: Vulnerabilities in Linux Bluetooth Allow Zero-Click Attacks:
A remote attacker within short range of a vulnerable device can trigger the flaw through broadcasting extended advertising data. This could lead to denial of service or even arbitrary code execution with kernel privileges.
Only devices that feature Bluetooth 5 chips and which are in scanning mode are vulnerable to this flaw, but an attacker could also use malicious chips to trigger the vulnerability, Google's researchers note.
BleedingTooth: Linux Bluetooth Zero-Click Remote Code Execution (24s video)
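The advisory above scopes the problem to Linux kernels before 5.9 on hosts with a Bluetooth controller. The following Python helper is an added example for this page, not code from the advisory, the BlueZ project, or the BleedingTooth write-up: it parses a `uname -r` style release string (including distribution suffixes and release candidates) and combines it with the controllers visible under /sys/class/bluetooth to flag hosts that fall inside the advisory's population. The 5.9 threshold comes from the advisory; the function names, the treatment of `-rcN` kernels, and the sysfs path are assumptions of this example, and the "scanning mode" condition mentioned in the summary is not checked here.

```python
"""Triage helper for the BleedingTooth advisory population (added example).

The only fact taken from the page is the "fixed from kernel 5.9" threshold.
Everything else (names, parsing rules, sysfs path) is this example's assumption.
"""
import os
import platform
import re
from typing import Dict, List, Optional, Tuple

# Mainline kernel from which the BlueZ fixes ship, per the advisory.
FIXED_KERNEL: Tuple[int, int] = (5, 9)

# Sentinel so that a final release sorts after every -rcN of the same version.
_FINAL = 10**6

# major.minor[.patch][-rcN]; anything after that (e.g. "-52-generic") is ignored.
_RELEASE_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-rc(\d+))?")


def parse_kernel_release(release: str) -> Optional[Tuple[int, int, int, int]]:
    """Parse a `uname -r` string into a comparable (major, minor, patch, rc) tuple.

    Handles distro suffixes ("5.4.0-52-generic"), two-component versions
    ("4.19") and release candidates ("5.9.0-rc1", which sorts below 5.9.0).
    Returns None when the string does not start with a version number.
    """
    m = _RELEASE_RE.match(release.strip())
    if not m:
        return None
    major, minor = int(m.group(1)), int(m.group(2))
    patch = int(m.group(3) or 0)
    rc = int(m.group(4)) if m.group(4) else _FINAL
    return (major, minor, patch, rc)


def kernel_before_fix(release: str) -> Optional[bool]:
    """True when the mainline version is below 5.9, False otherwise, None if unparseable."""
    parsed = parse_kernel_release(release)
    if parsed is None:
        return None
    threshold = (FIXED_KERNEL[0], FIXED_KERNEL[1], 0, _FINAL)
    return parsed < threshold


def list_bluetooth_controllers(sysfs_dir: str = "/sys/class/bluetooth") -> List[str]:
    """Return hciN controller names under sysfs (empty on non-Linux or without a radio)."""
    try:
        return sorted(n for n in os.listdir(sysfs_dir) if n.startswith("hci"))
    except OSError:
        return []


def triage(release: str, controllers: List[str]) -> Dict[str, object]:
    """Combine the two signals into a verdict.

    The version check is a heuristic: distributions backport fixes without
    bumping the mainline version, so a "before 5.9" kernel may already carry
    the patch. Read "exposed" as "needs a closer look", not as proven vulnerable.
    """
    before_fix = kernel_before_fix(release)
    return {
        "release": release,
        "kernel_before_5_9": before_fix,
        "controllers": list(controllers),
        "exposed": bool(before_fix) and len(controllers) > 0,
    }


if __name__ == "__main__":
    # Run on the current host; only meaningful on Linux.
    print(triage(platform.release(), list_bluetooth_controllers()))
```

Run it on each Linux host in an inventory and follow up the "exposed" ones by checking the distribution's changelog for the backported patch, since the version comparison alone cannot tell a patched 5.4 kernel from an unpatched one.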
(Score: 0) by Anonymous Coward on Saturday October 17, @03:20AM
Has it finally matured? I know there are still douchebags walking around with wireless earpieces shouting like loonies with loose screws talking to themselves, but all my Bluetooth device experiences have been disappointing: an immature tech with intermittent cut-offs, failing to pair up, etc.
(Score: 2) by coolgopher on Saturday October 17, @04:58AM (8 children)
I mean, is anyone even using that stack? Last time I looked the documentation was next to non-existent, and even the developers themselves were recommending people just write wrapper scripts around the few command line tools that come with BlueZ.
(Score: 3, Interesting) by Mojibake Tengu on Saturday October 17, @06:42AM (7 children)
Meanwhile, ChromeOS is reverting to BlueZ because NewBlue project failed...
https://www.androidpolice.com/2020/09/14/the-rise-and-fall-of-newblue-googles-attempt-to-fix-bluetooth-on-chrome-os/ [androidpolice.com]
The edge of 太玄 cannot be defined, for it is beyond every aspect of design
(Score: 0) by Anonymous Coward on Saturday October 17, @08:36AM (6 children)
That seems odd. Didn't they have another implementation they use for Android, or did that fail too? All I know is I spoke to someone who worked with Bluetooth once, and his take on it was that the specification and documentation were so long, convoluted, and complicated that he wasn't even sure the designers grasped all of it.
(Score: 1, Interesting) by Anonymous Coward on Saturday October 17, @11:17AM (4 children)
It's definitely a "design by committee" tech. It had a great idea for the opening act. Low power, short range, modestly low data rates. Not quite dedicated to audio, but lots of audio support.
Then it grew. People wanted more range, more bandwidth, etc... so they kept updating it.
From the original 3 m range, Bluetooth 5.0 has been expanded up to 400 m and over 40x the power usage.
(Score: 4, Touché) by acid andy on Saturday October 17, @12:47PM (3 children)
What the hell does that give you that Wi-Fi doesn't? It should have remained a very short range protocol. Increasing the range massively increases the likelihood of an attacker being within range.
May you live in boring times.
(Score: 0) by Anonymous Coward on Saturday October 17, @05:45PM (2 children)
Probably for bluetooth speakers.
(Score: 0) by Anonymous Coward on Saturday October 17, @08:42PM (1 child)
That's all you can think of? Trivially, offhand I can think of many use cases where point-to-point connections / mesh topology / peering is better suited than hubs and hierarchical networking, for very physical reasons, e.g.:
Consider a herd of cattle. "Is everyone in the herd within 400m" and "who in the herd last saw Cow 42" are both useful inputs when trying to monitor losses, and decentralized low-power peering on collars like this provides that very well.
Fun thought: ringing the triangle to get the cows to come home to feed, water and lie up for the night might be replaced with a collar beeper.
(Score: 0) by Anonymous Coward on Saturday October 17, @09:49PM
Most of your examples would probably use Zigbee or the like for lower power consumption and greater range. The house intercom would likely just be simple radio transmission over an unlicensed band like 27 MHz or 900 MHz, as it is cheap and proven (it is how these things work today).
The use cases will be things connecting a smartphone to the product from a distance that might cover a single-family residence that isn't better served by Wi-Fi -- yeah, the only thing I can think of is speakers.
(Score: 0) by Anonymous Coward on Saturday October 17, @09:08PM
Before 2012 Android used BlueZ (GPL), then switched to BlueDroid (MIT) and later renamed it Fluoride https://en.wikipedia.org/wiki/Bluetooth_stack#BlueDroid/Fluoride [wikipedia.org]. At first it was not good, but maybe it improved since then https://lwn.net/Articles/597293/ [lwn.net]
(Score: 0) by Anonymous Coward on Sunday October 18, @12:20AM
It's almost like someone was paying Poettering to introduce new attack surfaces.