The vulnerability was discvoered in BlueZ, a stack that makes the Bluetooth usable in Linux. All versions of the free system from are affected. The main issue here is that the faulty Linux kernels also run in numerous devices which will never receive an update. This primarily applies to a wide variety of embedded operations and smartphones from cheap manufacturers. If they have a Bluetooth interface, they can usually get hacked with the bug.
BlueZ Receives Important Security Gaps
The malware makes it possible for a hacker to smuggle foreign code and execute it. Interaction with the user is not possible. Hacked devices can be infected with the vulnerability from a few meters away. Data can then be accessed. According to security experts, developing an exploit is not a particularly trivial matter. Users should be protected here simply because of the fact that the work of misusing the vulnerability is likely to outweigh the benefits in most cases. Nevertheless, it is advisable to also use patches, as exploits will also become more and more easily available at some point. The prerequisite for an attack is that the hacker knows the victims address. Such addresses can be determined with Bluetooth sniffers.
Since discovered vulnerability in Bluetooth stack and sufficient proximity to a hacker, it is recommended as a temporary workaround not to use the program at least in public spaces. The probability that the system will be exploited seems rather low due to the work involved, despite the targeted attacks on individuals which would be a more plausible way. Researchers who discovered the gaps have now demonstrated on social media how an attack could collect term for the gaps. works and what They also published a concept code.
Google has also published proof-of-concept exploit code for the flaw on GitHub. See a video demo of BleedingTooth below: