• DocMcStuffin@lemmy.world
    link
    fedilink
    English
    arrow-up
    11
    arrow-down
    3
    ·
    edit-2
    8 months ago

    Bluetooth has one of the largest network stacks. It’s bigger than Wifi. This means some parts of the stack probably aren’t tested and may have bugs or vulnerabilities. It has duplicate functionality in it. This opens up the possibility that flaws in how different parts interact could lead to vulnerabilities or exploits.

    A number of years ago some security researchers did an analysis of the Windows and Linux stacks. They found multiple exploitable vulnerabilities in both stacks. They called their attack blue borne, but it was really a series of attacks that could be used depending on which OS you wanted to target. Some what ironically, Linux was more vulnerable because the Linux kernel implemented more of the protocol than Windows.

    • ozymandias117@lemmy.world
      link
      fedilink
      English
      arrow-up
      5
      ·
      7 months ago

      What? The kernel only implements HCI - a way to talk to hardware

      The Bluetooth stack and its protocols are implemented in BlueZ or on Android in Gabeldorsche

      • DocMcStuffin@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        7 months ago

        Yeeeaaah, that makes more sense. 😅 That would be a giant gaping vulnerability if everything was in kernel space.