David Maynor and Jon “Johnny Cache” Ellch, the two hackers at the center of a Apple MacBook Wi-Fi flaw disclosure controversy, have been credited with helping to fix a “high risk” vulnerability in the Toshiba Bluetooth wireless device driver used by several PC vendors.
The duo, who blew the whistle on wireless driver vulnerabilities at the Black Hat Briefings in August, are listed in the credits of an alert from Atlanta-based SecureWorks that warns about code execution holes in the Toshiba Bluetooth memory stack.
The vulnerability could allow a remote attacker within wireless range of a Bluetooth device to perform a DoS (denial-of-service) or execute harmful code at the highest privilege level.
The bug affects the Toshiba Bluetooth host stack implementations version 3.x, and version 4 through 4.00.35.
All OEM versions are also vulnerable, including implementations in computers manufactured by Dell, Sony, ASUS Computers and other unidentified brands.
According to SecureWorks, which was also embroiled in the Apple controversy, a malicious hacker could use specially crafted Bluetooth packets to cause a memory corruption, a system crash, and/or the execution of arbitrary code.
“An attacker would need to be within approximately 10 meters of the victim. Additionally, an attacker would need the Bluetooth address of the victims device,” the company warned. The attack vector is easy because, according to SecureWorks, Bluetooth addresses are easily enumerated through active scanning if the device allows discovery.
Bluetooth wireless technology is used for short-range data communications between electronic devices. It is used primarily for cable-free connectivity between mobile phones, mobile PCs, handheld computers and other peripherals.
Toshiba has released Bluetooth security packs with fixes for the vulnerability. The company is also recommending that affected users visit their vendors Web site for an updated Bluetooth stack.
Users of Dell Latitude D820/D620/D420/D520 notebooks are urged to verify the version of their Bluetooth stack before applying any upgrades. Affected Dell customers can locate the latest driver versions located on the companys support Web site.
SecureWorks recommends that Bluetooth users set devices to nondiscoverable mode during normal operations to reduce risk from this and other potential future Bluetooth attacks.