Bluetooth has long been one of the most widely used communication protocols because of the convenience it offers. Vulnerabilities have been found in it before, and three more have surfaced recently.
Discovered by Andy Nguyen, a Google engineer, they have been collectively dubbed BleedingTooth and expose devices to remote code execution (RCE) without any user interaction.
One caveat is that only Linux devices can be targeted this way. It is still quite serious, however, since privilege escalation becomes possible once the flaw is exploited.
Going into detail, the vulnerability lies in BlueZ, the software responsible for Bluetooth connections and related functionality on Linux systems. Explaining the impact, Andy states:
“…unauthenticated remote attacker in short distance to execute arbitrary code with kernel privileges on vulnerable devices.”
Beyond this, information could also be stolen because of a lack of proper access controls in BlueZ, and denial of service (DoS) attacks may be executed “via adjacent access”, as detailed in an Intel security advisory.
Andy has also uploaded a demonstration of the attack to YouTube.
Underscoring the seriousness, Intel has rated one of the vulnerabilities (CVE-2020-12351) as high severity, with a score of 8.3/10.
The good news is that security patches have already been issued, so if you run a Linux system, make sure it is upgraded.
Even so, users should still check manually that their particular Linux distribution has received the patch. If it has not, disabling Bluetooth entirely or manually installing the kernel fixes may be the safest option.
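The checking and "disable Bluetooth until patched" steps above can be scripted. The following POSIX sh checklist is an added example, not code from the article or from the BlueZ project: it compares the running kernel release against a patched release you supply, reports whether the kernel's Bluetooth stack is loaded and whether rfkill already blocks the adapter, and prints the commands to disable Bluetooth. The patched release is deliberately a placeholder (PATCHED_KERNEL) because the fixed version differs per distribution; look it up in your distribution's advisory. It assumes a Linux system with /proc, /sys/class/rfkill, and the rfkill and systemctl tools, which is an assumption about the host, not something the article states.

```shell
#!/bin/sh
# Added example (not from the article): checklist for "is my kernel patched,
# and if not, how do I switch Bluetooth off" on a Linux host.
# PATCHED_KERNEL is a placeholder; supply the fixed release from your
# distribution's advisory, e.g.:  PATCHED_KERNEL=5.x.y sh bleedingtooth-check.sh

# Keep only the numeric major.minor.patch part of a release string,
# e.g. "5.4.0-48-generic" -> "5.4.0", "5.10.0+" -> "5.10.0".
numeric_release() {
    printf '%s' "$1" | sed 's/[^0-9.].*//'
}

# kernel_at_least REQUIRED ACTUAL: exit 0 when ACTUAL >= REQUIRED, else 1.
# Missing components count as 0, so "5.9" equals "5.9.0".
kernel_at_least() {
    req=$(numeric_release "$1")
    act=$(numeric_release "$2")
    i=1
    while [ "$i" -le 3 ]; do
        r=$(printf '%s' "$req" | cut -d. -f"$i"); r=${r:-0}
        a=$(printf '%s' "$act" | cut -d. -f"$i"); a=${a:-0}
        [ "$a" -gt "$r" ] && return 0
        [ "$a" -lt "$r" ] && return 1
        i=$((i + 1))
    done
    return 0
}

# Exit 0 if the bluetooth module is loaded. A kernel with Bluetooth built in
# (not a module) will not show up here; check /proc/config.gz in that case.
bluetooth_module_loaded() {
    [ -r /proc/modules ] && grep -q '^bluetooth ' /proc/modules
}

# Print "blocked", "unblocked" or "no-adapter" for the first Bluetooth rfkill
# device found under /sys/class/rfkill. "blocked" means rfkill's soft block
# is already in place, i.e. the mitigation below has been applied.
rfkill_bluetooth_state() {
    for dev in /sys/class/rfkill/rfkill*; do
        [ -r "$dev/type" ] || continue
        [ "$(cat "$dev/type")" = bluetooth ] || continue
        if [ "$(cat "$dev/soft")" = 1 ]; then echo blocked; else echo unblocked; fi
        return 0
    done
    echo no-adapter
}

# Human-readable report; never exits non-zero so it can run from any shell.
bleedingtooth_report() {
    running=$(uname -r)
    patched=${PATCHED_KERNEL:-}
    echo "Running kernel: $running"
    if [ -n "$patched" ]; then
        if kernel_at_least "$patched" "$running"; then
            echo "Kernel is at or above the patched release $patched."
        else
            echo "Kernel is OLDER than $patched: install your distribution's kernel update."
        fi
    else
        echo "PATCHED_KERNEL not set: compare $running against your distribution's advisory."
    fi
    if bluetooth_module_loaded; then
        echo "bluetooth module: loaded"
    else
        echo "bluetooth module: not loaded (or built into the kernel)"
    fi
    echo "rfkill state: $(rfkill_bluetooth_state)"
    echo "To disable Bluetooth until the kernel is patched, run as root:"
    echo "  rfkill block bluetooth && systemctl stop bluetooth"
}

bleedingtooth_report
```

The version comparison deliberately strips distribution suffixes such as "-48-generic" before comparing, since those are not part of the upstream release; note that distributions often backport fixes without bumping the upstream version number, so a kernel reported as "older" may still be patched, which is why the advisory, not the number alone, is the authority.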