Security Week 43: New Bluetooth Vulnerabilities for PCs and Cars

The past week has added another bug to the list of potentially dangerous vulnerabilities in Bluetooth – this time not in the protocol itself, but in its Linux implementation, the BlueZ stack. Google researcher Andy Nguyen named the new problem BleedingTooth. So far the vulnerability description consists of a single tweet and a PoC video. The key phrase in that short message with no details is "zero click": if your Linux device has Bluetooth enabled and an attacker gets close enough to you, they can execute arbitrary code with high privileges. No action on the part of the victim, such as a pairing handshake, is required.

The vulnerability was confirmed by Intel in its advisory (also without technical details). Strictly speaking, the attack on BlueZ consists of three vulnerabilities, the most severe of which is rated 8.3 on CVSS v3.

This is far from the first serious problem with Bluetooth, even counting only the reports of 2020. In September, two vulnerabilities were found in the protocol specifications that in theory make a man-in-the-middle (MitM) attack possible. Gaps in Bluetooth are still largely a thought experiment in information security, but sooner or later quantity will turn into quality. This week's Bluetooth bonus is a vulnerability in Audi vehicles.

The picture at the top of the article is taken from another recent piece of research. A hacker known as Kevin2600 crashes the multimedia software in a 2014 Audi car simply by changing the name of the Bluetooth-connected smartphone to "%x%x%x%x%x". This string causes a memory leak in the software and a subsequent crash.

This problem can hardly be called a vulnerability. Interestingly, it is not the first of its kind: exactly the same crash was previously discovered in a Mercedes-Benz multimedia system, and three years ago in a BMW.
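A name such as "%x%x%x%x%x" only does damage when the receiving software passes the untrusted device name to a printf-family function as the format string instead of as an argument. The C code below is an added illustration, not code from the original article, from Kevin2600's research, or from any car maker's firmware (that code is not public): it contrasts the dangerous pattern (shown only in a comment) with the safe call, and adds a detection check and a percent-escaping helper as defence in depth. The 248-byte limit is the Bluetooth specification's maximum for a device name; the function and buffer names are assumptions made for this example.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Maximum length of a Bluetooth friendly name per the Bluetooth
 * specification (248 bytes). The real head unit's own limit is not
 * stated on the page, so this is an assumption for the example. */
#define NAME_MAX_LEN 248

/* Detection signal: returns true if the name contains a '%' that a
 * printf-family function would parse as a conversion specification.
 * "%%" is a literal percent sign and is not flagged. Useful for logging
 * suspicious peer names; it is not a substitute for the safe call below. */
bool name_has_format_directive(const char *name) {
    for (const char *p = name; *p; p++) {
        if (*p == '%') {
            if (p[1] == '%') { p++; continue; }  /* literal "%%" */
            return true;
        }
    }
    return false;
}

/* Safe rendering of a "connected" banner: the untrusted name is always an
 * ARGUMENT of a fixed, trusted format string, never the format itself.
 * Writes at most out_size bytes and always NUL-terminates.
 * Returns the number of characters snprintf would have written. */
int render_connected_banner(char *out, size_t out_size, const char *name) {
    /* VULNERABLE pattern (the kind of defect the page describes):
     *     snprintf(out, out_size, name);
     * With name == "%x%x%x%x%x" the five "%x" conversions read arguments
     * the caller never supplied (undefined behaviour, typically a crash
     * or disclosure of stack memory). Never do this. */
    return snprintf(out, out_size, "Connected: %.*s", NAME_MAX_LEN, name);
}

/* Defence in depth: double every '%' so the name can never become a
 * conversion directive even if some later layer wrongly embeds it in a
 * format string. Returns false (and leaves out unspecified) if out is
 * too small for the escaped result plus its terminating NUL. */
bool escape_percent(const char *name, char *out, size_t out_size) {
    size_t j = 0;
    for (const char *p = name; *p; p++) {
        size_t need = (*p == '%') ? 2 : 1;
        if (j + need >= out_size) return false;   /* keep room for NUL */
        out[j++] = *p;
        if (*p == '%') out[j++] = '%';
    }
    out[j] = '\0';
    return true;
}

int main(void) {
    /* Constructed sample names: a benign phone and the hostile one. */
    const char *names[] = { "My Phone", "%x%x%x%x%x" };
    char banner[64], escaped[64];

    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        if (name_has_format_directive(names[i]))
            printf("warning: peer name contains format directives: %s\n", names[i]);
        render_connected_banner(banner, sizeof banner, names[i]);
        printf("%s\n", banner);
        if (escape_percent(names[i], escaped, sizeof escaped))
            printf("escaped form: %s\n", escaped);
    }
    return 0;
}
```

The banner for the hostile name renders literally as `Connected: %x%x%x%x%x`, because `%.*s` treats it as data; the detection helper would have flagged it beforehand, and the escaped form `%%x%%x%%x%%x%%x` survives even a downstream misuse as a format string.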

It is possible that sooner or later a set of vulnerabilities in Bluetooth – both in the protocol and in specific implementations – will be used in a real attack. The question is the potential payoff. You cannot organize a large-scale data leak using holes that require being within ten meters of the victim, but such a tool can be used in targeted attacks. The problem with Bluetooth in cars and home IoT devices is that updates are infrequent and difficult. Even after a patch is released, large amounts of hardware will remain vulnerable for many years.

What else happened

Microsoft closed two serious vulnerabilities with an out-of-band patch, one of them in the Windows codec set. Both problems allow an attacker to gain complete control over the system.

A review of a ransomware Trojan incident (an attack on a business, with a ransom demand of $6 million) provides an interesting hour-by-hour analysis of how the attack evolved. The entire operation – from the first launch of the malicious code to complete control over the company's infrastructure – took 29 hours.

Last Monday, October 12, Microsoft reported taking control of the Trickbot botnet. Among other things, the takeover of the servers went through the courts, where Microsoft argued infringement of its copyrights.

Ars Technica writes about a backdoor in the Xplora X4 kids' smartwatch. To remotely control the device (including its built-in camera), however, one needs to know a key that is unique to each device, as well as the associated mobile phone number.

New research describes a familiar way of profiting from hacked IoT devices: a botnet of 9,000 compromised devices is turned into an anonymous proxy service, access to which is sold for money.

A selection of three academic studies shows how a huge database of posts from forums where cybercriminals communicate can be put to use. For example, one of the papers proposes a method for the early detection of new incidents by tracking specific terms.
