Deep into Android Bluetooth Bug Hunting: New Attack Surfaces and Weak Code Patterns

In the past few years, researchers have found hundreds of security vulnerabilities in the AOSP Bluetooth module such as Blueborne and BlueFrag. Almost all of these vulnerabilities are caused by the process not properly validating the remote user-supplied data, when parsing the Bluetooth request packet.In this context, in order to improve the security of Bluetooth, Google has adopted a variety of hardening methods:1. Validate the length of incoming Bluetooth packets.2. Implement a new and more secure AVRCP profile.3. Rewrite Bluetooth …

android aosp attack bluetooth bug bug hunting code context data google hardening hunting length order packet packets parsing patterns process profile request researchers rust security vulnerabilities