Researchers warn of Bluetooth Classic security vulnerability, release proof-of-concept

Researchers at the Singapore University of Technology and Design released a proof-of-concept exploit for a family of vulnerabilities they named BrakTooth, affecting the software development kit used to program Bluetooth chipsets using the ESP32 standard.

BrakTooth affects the Bluetooth Classic protocol, which is widely used in laptops, smartphones, and audio devices. The team says BrakTooth has 16 flaws, the effects of which, if exploited, range in severity from crashing affected systems to remote code execution.

The most serious flaw, dubbed V1 by the team, targets ESP32 SoCs used in industrial automation, smart home and fitness applications, among others. Certain models of MacBooks and iPhones are known to be affected. Because the ESP32 BT library does not properly perform an out-of-bounds check on certain types of input, a malicious request to the system can allow an attacker to inject code into a vulnerable system and potentially take control.

Other flaws enable a wide range of potential harm, including forcibly disconnecting Bluetooth devices from each other, using a vulnerable endpoint to block all connections on a paired device, and shutting down connected audio devices. The attacks take place over the Bluetooth network itself, requiring no more than a cheap piece of Bluetooth hardware and a PC.

The team said the total number of vulnerable chipsets could be more than 1,400, meaning that devices using those chipsets could be compromised by BrakTooth’s flaws. This means that devices ranging from IoT devices to manufacturing equipment, laptops, and smartphones are vulnerable. Affected manufacturers include Intel, Texas Instruments, and Qualcomm.

Chipset vendors have been made aware of the BrakTooth vulnerabilities, and many have already released patches for use by OEMs or even the general public. The researchers have created a table of which vendors have released updates and have published the BrakTooth proof-of-concept code.

The same group of researchers has been working on Bluetooth security for some time, having previously revealed flaws such as SweynTooth in Bluetooth LE. That was a similar set of security issues centered on a lack of sufficient input validation, which was made public in 2019. Many of the products affected by SweynTooth were medical devices, the most critical of which include blood glucose meters and pacemakers. These flaws have mostly been fixed, according to the team.

Copyright © 2021 IDG Communications, Inc.