if you're on linux and use bluetooth, you should upgrade to 5.9 immediately or stop using bluetooth.

zero-click RCE:
twitter.com/theflow0/status/13
writeup:
github.com/google/security-res

yikes

spam 

@hazel never use wireless devices never use wireless devices never use wireless devices never use wireless devices never use wireless devices never use wireless devices never use wireless devices never use wireless devices

spam 

@hazel I'm so paranoid about connecting things to my PC

@jeder it's literally just type confusion is the worst thing

i hate c

@hazel well shit, guess i gotta disable it on my pi's since the latest kernel version they have is 5.4, at least for arch linux, rip

@EeveeEuphoria if you aren't like, physically near someone else, it's probably fine

but do NOT turn bluetooth on in a public space

@hazel I guess this also applies to android?

looking at my phone running kernel 4.4 😢

@Tak Maybe. It only affects kernel 4.8 and higher, but it could be that your vendor backported stuff from newer kernels.

@hazel

@tastytea @hazel Oh, ok - the advisory just said < 5.9 for affected versions

@hazel Based OpenBSD doesn’t have this problem (no Bluetooth support in the kernel, lel).

@hazel does this vulnerability require the devices to be paired? It doesn't seem to mention that in the writeup nor the video.

@robby @hazel Doesn’t look like it. Looked at the POC—you just have to specify a Bluetooth address.
