Welcome to the IKCEST
English
English 中文 русск français español العربية

Language

We detect your regional language is French. Do you want to change site's language to French? You may choose other languages.

International

English
中文
русск
français
español
العربية
No Change
Old Version Old Version
Mobile
Scan this QR code on your phone to browse IKCEST
Sign up Notification
LV1 10/100
User Center
My Training Class
Feedback
 Logout
Become author
ALL
ALL Expert Article Patent Conference Article Book Organization
Multilingual Search
Advanced Search
Hot Search:

Bluetooth flaw in Linux kernel allows nearby hackers to execute code
Oct 16, 2020

Source: https://techxplore.com/news/2020-10-bluetooth-flaw-linux-kernel-nearby.html

It takes around min to read this article.

October 16, 2020 report

Bluetooth flaw in Linux kernel allows nearby hackers to execute code

by Bob Yirka , Tech Xplore

Linux
Credit: Pixabay/CC0 Public Domain

Google engineer Andy Nguyen is reporting via a Twitter thread that a new security vulnerability has been found in Linux operating systems that run a Bluetooth software stack called BlueZ. Nguyen has named the vulnerability BleedingTooth and claims in his Twitter post that the vulnerability allows nearby hackers to conduct zero-click root-level code execution.

Linux is an very similar to Unix—it became popular over a decade ago as a research and due to its open-source licensing and zero cost. In more recent years, it has been used to create dedicated applications—NASA uses it for many of its space applications, for example. It has also become popular for companies making Internet-of-Things (IoT) devices because it allows them to avoid royalty fees.

In this new effort, Nguyen has found a vulnerability that allows hackers within the range of a Bluetooth signal to gain root access to computers or devices running BlueZ. Notably, many IoT devices use BlueZ to allow users to communicate with their devices. Intel, a major backer of the group behind BlueZ, has announced that it is characterizing the vulnerability as a flaw that provides an escalation of privileges or the disclosure of information.

Because it is still a new discovery, little is known about the vulnerability—still, the team at BlueZ has released a patch for it and made it freely available. Also, Intel has issued an advisory on its web page, noting that the severity has been classified as high.

Despite the severity of the , it is not considered to be something that the user community should worry about. A would have to gain access to a building housing such a device or computer and have the necessary knowledge and equipment to take advantage of the situation. And there would also be the issue of motive—not many hackers are interested in taking over an IoT coffeepot sitting on someone's kitchen counter. As with many computer vulnerabilities, those most at risk are those who work with very sensitive or valuable information.

Explore further

Vulnerability found in Apple's T2 security chip

© 2020 Science X Network

Citation: Bluetooth flaw in Linux kernel allows nearby hackers to execute code (2020, October 16) retrieved 30 October 2020 from https://techxplore.com/news/2020-10-bluetooth-flaw-linux-kernel-nearby.html
This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no part may be reproduced without the written permission. The content is provided for information purposes only.

Original Text (This is the original text for your reference.)

October 16, 2020 report

Bluetooth flaw in Linux kernel allows nearby hackers to execute code

by Bob Yirka , Tech Xplore

Linux
Credit: Pixabay/CC0 Public Domain

Google engineer Andy Nguyen is reporting via a Twitter thread that a new security vulnerability has been found in Linux operating systems that run a Bluetooth software stack called BlueZ. Nguyen has named the vulnerability BleedingTooth and claims in his Twitter post that the vulnerability allows nearby hackers to conduct zero-click root-level code execution.

Linux is an very similar to Unix—it became popular over a decade ago as a research and due to its open-source licensing and zero cost. In more recent years, it has been used to create dedicated applications—NASA uses it for many of its space applications, for example. It has also become popular for companies making Internet-of-Things (IoT) devices because it allows them to avoid royalty fees.

In this new effort, Nguyen has found a vulnerability that allows hackers within the range of a Bluetooth signal to gain root access to computers or devices running BlueZ. Notably, many IoT devices use BlueZ to allow users to communicate with their devices. Intel, a major backer of the group behind BlueZ, has announced that it is characterizing the vulnerability as a flaw that provides an escalation of privileges or the disclosure of information.

Because it is still a new discovery, little is known about the vulnerability—still, the team at BlueZ has released a patch for it and made it freely available. Also, Intel has issued an advisory on its web page, noting that the severity has been classified as high.

Despite the severity of the , it is not considered to be something that the user community should worry about. A would have to gain access to a building housing such a device or computer and have the necessary knowledge and equipment to take advantage of the situation. And there would also be the issue of motive—not many hackers are interested in taking over an IoT coffeepot sitting on someone's kitchen counter. As with many computer vulnerabilities, those most at risk are those who work with very sensitive or valuable information.

Explore further

Vulnerability found in Apple's T2 security chip

© 2020 Science X Network

Citation: Bluetooth flaw in Linux kernel allows nearby hackers to execute code (2020, October 16) retrieved 30 October 2020 from https://techxplore.com/news/2020-10-bluetooth-flaw-linux-kernel-nearby.html
This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no part may be reproduced without the written permission. The content is provided for information purposes only.
Comments

    Something to say?

    Log in or Sign up for free

    Disclaimer: The translated content is provided by third-party translation service providers, and IKCEST shall not assume any responsibility for the accuracy and legality of the content.
    Translate engine
    Article's language
    English
    中文
    Pусск
    Français
    Español
    العربية
    Português
    Kikongo
    Dutch
    kiswahili
    هَوُسَ
    IsiZulu
    Action
    Report Collection
    Share
    Related

    Report

    Select your report category*



    Reason*



    By pressing send, your feedback will be used to improve IKCEST. Your privacy will be protected.

    Submit
    Cancel
    ICP备案号:京ICP备14021735号-1    © 2008 - 2023 IKCEST All rights reserved | Sitemap | Contact | About IKCEST

    New sign-in location:     

    Last sign-in location:     

    Last sign-in date: