Well, this kernel Bluetooth exploit is depressing


Re: Well, this kernel Bluetooth exploit is depressing

Postby Head_on_a_Stick » 2020-10-18 08:41

sgosnell wrote: Actually, I just saw that 5.9.1 was released today, so 5.9 is considered stable now. Maybe we'll see it in Sid within a week or so.

See https://kernel.org to find the current "stable" kernel version. And the sid kernel is now fixed: https://security-tracker.debian.org/tra ... 2020-12351
Black Lives Matter

Debian buster-backports ISO image: for new hardware support
Head_on_a_Stick
 
Posts: 12650
Joined: 2014-06-01 17:46
Location: /dev/chair

Re: Well, this kernel Bluetooth exploit is depressing

Postby stevepusser » 2020-10-21 17:09

Head_on_a_Stick wrote:
sgosnell wrote: Actually, I just saw that 5.9.1 was released today, so 5.9 is considered stable now. Maybe we'll see it in Sid within a week or so.

See https://kernel.org to find the current "stable" kernel version. And the sid kernel is now fixed: https://security-tracker.debian.org/tra ... 2020-12351


Yes, I have 5.9.1 backported and running on Buster, but most third-party DKMS drivers won't build on it yet, the exception being the broadcom-sta-dkms package in backports. I don't know what Debian is planning to do for Stretch and/or 5.8 kernels, either, or if there's going to be another 5.8 kernel release that includes the fix in the source in Sid--the 5.8 kernel is up to 5.8.16.
MX Linux packager and developer
stevepusser
 
Posts: 12083
Joined: 2009-10-06 05:53

Re: Well, this kernel Bluetooth exploit is depressing

Postby stevepusser » 2020-10-21 17:24

I believe the latest Liquorix 5.8 kernels also incorporate the fix, though.
MX Linux packager and developer
stevepusser
 
Posts: 12083
Joined: 2009-10-06 05:53

Re: Well, this kernel Bluetooth exploit is depressing

Postby sgosnell » 2020-10-21 20:00

Debian seems to be in somewhat of a flux right now. A vote is being taken on whether to stay with systemd or go to another init system, just to name one issue. I have zero insight into what the future might be for anything right now. But I can say that a bluetooth exploit is among the least of my worries. Now if I had a phone running Debian, my priorities might be different, but that ain't happening any time soon.
Take my advice, I'm not using it.
sgosnell
 
Posts: 864
Joined: 2011-03-14 01:49

Re: Well, this kernel Bluetooth exploit is depressing

Postby stevepusser » 2020-10-22 21:32

Well, I'm using BT earbuds right now on a Debian base, and I can't be the only one, can I?

Virtual Box 6.1.16 was added to Sid a couple days ago, and I backported it to Buster and Stretch MX bases, and can confirm it builds and works with the 5.9.1 kernel.

So surprise! I'm waiting on either a 5.8.16 kernel in Debian or a better Nvidia driver than the beta in Experimental. It's always Nvidia.
MX Linux packager and developer
stevepusser
 
Posts: 12083
Joined: 2009-10-06 05:53

Re: Well, this kernel Bluetooth exploit is depressing

Postby sgosnell » 2020-10-23 01:34

I use bluetooth, but nobody gets into my home. If someone has the necessary equipment and can park it near enough to receive bluetooth transmissions from my computer, I guess they can exploit the exploit. But I'm not that worried about it.
Take my advice, I'm not using it.
sgosnell
 
Posts: 864
Joined: 2011-03-14 01:49

Re: Well, this kernel Bluetooth exploit is depressing

Postby Deb-fan » 2020-10-23 03:24

^ +1 what he said, I don't use bluetooth just never got into it and so never have it enabled or any BT related pkgs. This ancient Dell Inspiron has the option in bios to disable it. Still guessing for vast majority this isn't going to matter much. At least somebody caught it and are taking corrective action, didn't even read the full security advisory but am glad people know, if I were using BT would be paying closer attention until things are sorted out. Gotta agree it's a tad of a downer, the sheer scope of kernels affected but it's been found and no doubt will be fixed ASAP.
Most powerful FREE tech-support tool on the planet * HERE. *
Deb-fan
 
Posts: 956
Joined: 2012-08-14 12:27

Re: Well, this kernel Bluetooth exploit is depressing

Postby stevepusser » 2020-10-24 03:14

A more dangerous place would be in a classroom, work environment, or coffee shop. A cautious user will just have to resort to wired devices in those cases.
MX Linux packager and developer
stevepusser
 
Posts: 12083
Joined: 2009-10-06 05:53

Re: Well, this kernel Bluetooth exploit is depressing

Postby Deb-fan » 2020-10-24 03:56

All good points imo @Stevep, although am sure it's amazing technology for whatever reason just always had a fundamental distrust of bluetooth, for no real technical reasons, least none I can remember cause I didn't spend a great deal of time looking into it. The general idea made me and still kinda does uncomfortable, this and that connecting or pairing to my xyz-device(s.)

Am sure BT can be really useful no matter what and that this too shall pass. Thing that has me a tad freaked about this is what it all might mean for Android devices, people who may not ever get upgrades and fixes on mobile. Though for same reasons stated have always avoided enabling BT on mobile too.

PS, more brainfarts, also surely has to be ways to harden it, like a hidden SSID or something ? Just cause it's running, doesn't mean it should announce itself to the entire world. Guessing there's effective ways to deal with this crap, even on vulnerable devices. If had a bunch of bluetooth goodies laying around, yeppers, seems like now would be a good time to start googling "improve security on bluetooth" and "securing bluetooth" etc.
Most powerful FREE tech-support tool on the planet * HERE. *
Deb-fan
 
Posts: 956
Joined: 2012-08-14 12:27

Re: Well, this kernel Bluetooth exploit is depressing

Postby sgosnell » 2020-10-24 13:31

We have different viewpoints on this, of course, Steve. I'm looking at it purely from a personal point of view, while you're responsible to all sorts of users. Using bluetooth in crowded public spaces is certainly problematic, with or without this exploit. I just don't do that. In fact, these days I don't even go around those sorts of places. I do understand your concern, though. FWIW, I saw an article last night that said both Debian and Ubuntu had released patched kernels, and that all versions should now be fixed, as long as it's the latest available.
Take my advice, I'm not using it.
sgosnell
 
Posts: 864
Joined: 2011-03-14 01:49

Re: Well, this kernel Bluetooth exploit is depressing

Postby CwF » 2020-10-24 14:01

I rarely use it but have checked some BT adapters in Debian just to see...For over two years there has been a device 'ats8830' somewhere within range that I still haven't figured out what it is? Not one of my things. I played with meshing wifi and using a 'SDR' program to run many wifi together to triangulate locations, but I haven't wasted the time with BT, nor have multiple adapters to use. Whatever ats8830 is it must have a killer battery!
CwF
 
Posts: 790
Joined: 2018-06-20 15:16

Re: Well, this kernel Bluetooth exploit is depressing

Postby sgosnell » 2020-10-24 16:31

Whatever ats8830 is it must have a killer battery!

Or be connected to mains power. All sorts of things have bluetooth in them now - amplifiers, soundbars, speakers, all the digital home assistants, even some home appliances - refrigerators, TVs, almost anything. If it's in range, it's something in your home.
Take my advice, I'm not using it.
sgosnell
 
Posts: 864
Joined: 2011-03-14 01:49

Re: Well, this kernel Bluetooth exploit is depressing

Postby Deb-fan » 2020-10-25 09:41

OR it's some evil haxxor who's been driving around your neighborhood with a high gain antenna waiting for you to dare turn on BT CwF !!!! Mwahhhaahhaaahaha.

Upon reviewing a bit I do remember why I opted out of bluetooth, wasn't just that the whole premise sounded iffy, vaguely remember looking up security concerns and quickly found way too many credible sources talking about serious concerns with it. Was more than enough reason to flip the off switch and stay away from it. Things apparently have come a long way with BT since then, was many moons ago, looks like not far enough though. Which is clearly a valid concern also, this technology has found its way into everything. People have it integrated into their vehicles and gawds only can list what all else.

"Great some damn blackhat hacked my toaster, ... now everything comes out burnt. DAMN U BT !!!" :D

Though yep, basic googling quickly turned up much people can do to lock BT down, make it more secure, kind of goes without saying if someone wants to use something, they may want to learn a bit about using it too. Am sure there are many people with tech-gadgets walking around and they're begging for trouble. Makes them much more likely to find some. Same time ... I don't believe it's realistic with all the paranoia that there's a blackhat and cyber-criminal gang hiding behind every tree and under each bush either.

ALSO for the longest time those people walking around with bt earbuds seemingly talking to themselves creeped me out, errr, still do for real. I'm the only one ?
Most powerful FREE tech-support tool on the planet * HERE. *
Deb-fan
 
Posts: 956
Joined: 2012-08-14 12:27

Re: Well, this kernel Bluetooth exploit is depressing

Postby stevepusser » 2020-10-26 10:58

ALSO for the longest time those people walking around with bt earbuds seemingly talking to themselves creeped me out, errr, still do for real. I'm the only one ?


What? Are you talking to me--I can't hear you over my tunes, brah!

Anyway, the patch referenced in the Debian security notice

https://git.kernel.org/pub/scm/linux/ke ... 3720bd4d22
also applies cleanly to Debian's 5.18.14, since I got tired of waiting for Debian's 5.8.16 or newer kernel, and Nvidia won't have drivers that build on 5.9 kernels for weeks, it seems. (Insert obligatory Nvidia bash here)
MX Linux packager and developer
stevepusser
 
Posts: 12083
Joined: 2009-10-06 05:53

Re: Well, this kernel Bluetooth exploit is depressing

Postby Deb-fan » 2020-10-26 14:22

^Lol ... am sure you've been there, done it and remember.

BT first came out and that type of thing happened it made for some comical moments and some somewhat tense ones too. ie:

"WTH did you say to me ? Who the hades are you talking to dude ?" moments. People point at their ear, I'm talking on a phone ...

Don't know overall, still fairly sure with a tad of common sense + effort bluetooth can be dandy stuff. Still remain uncomfortable with it though.
Most powerful FREE tech-support tool on the planet * HERE. *
Deb-fan
 
Posts: 956
Joined: 2012-08-14 12:27
