SoylentNews

Braktooth Bluetooth Bugs Bite: Exploit Code, Proof-of-Concept Released

posted by chromas on Sunday November 07 2021, @02:12PM   
from the you-can't-handle-the-tooth dept.

Arthur T Knackerbracket has processed the following story:

BrakTooth is a collection of flaws affecting commercial Bluetooth stacks on more than 1,400 chipsets used in billions of devices – including smartphones, PCs, toys, internet-of-things (IoT) devices and industrial equipment – that rely on Bluetooth Classic (BT) for communication.

On Thursday, CISA urged manufacturers, vendors and developers to patch or employ workarounds.

The PoC has been made available on the BrakTooth website on GitHub.

As the paper pointed out, all that attackers need to do to pick apart the BrakTooth bugs is an off-the-shelf ESP32 board that can be had for $14.80, (or as low as $4 for an alternative board on AliExpress), custom Link Manager Protocol (LMP) firmware, and a computer to run the PoC tool.

Researchers from the University of Singapore disclosed the initial group of 16 vulnerabilities (now up to 22), collectively dubbed BrakTooth, in a paper published in September. They found the bugs in the closed commercial BT stack used by 1,400+ embedded chip components and detailed a host of attack types they can cause: Mainly denial of service (DoS) via firmware crashes (the term “brak” is actually Norwegian for “crash”). One of the bugs can also lead to arbitrary code execution (ACE).

Since the paper was published, there have been a number of updates, as vendors have scrambled to patch or to figure out whether or not they will in fact patch, and as researchers have uncovered additional vulnerable devices.

---

Original Submission

• Don't worry, you're safeDon't worry, you're safe (Score: 2) by Opportunist on Sunday November 07 2021, @09:32PM (2 children)

  by Opportunist (5545) on Sunday November 07 2021, @09:32PM (#1194500)

  Getting a ESP-WROVER-KIT is virtually impossible right now.

  Starting Score:	1		point
  Karma-Bonus Modifier		+1
  Total Score:		2

• Re:Don't worry, you're safeRe:Don't worry, you're safe (Score: 4, Interesting) by fishybell on Monday November 08 2021, @03:50AM (1 child)

  by fishybell (3156) on Monday November 08 2021, @03:50AM (#1194567)

  You mean, this one? https://www.amazon.com/dp/B07WBZLLKD/ref=cm_sw_em_r_mt_dp_7KXMT9F2RF3C78TW4XS9 [amazon.com]

  The one that's in stock, and ships within 1 to 2 business days?

  Or, maybe you meant this one? https://www.mouser.com/ProductDetail/Espressif-Systems/ESP-WROVER-KIT-VE?qs=KUoIvG%2F9Ilbci6DcltJYaA%3D%3D [mouser.com]

  The one with 30 available to ship immediately.

  Maybe this one? https://www.adafruit.com/product/3384 [adafruit.com]

  There's only 19 in stock there.

  Aha! You must mean this one: https://www.sparkfun.com/products/retired/14917 [sparkfun.com]

  Apparently you can't purchase it that device at one relatively popular website. Maybe you want quantities in the hundreds, or thousands? That'd be odd for development board. I've seen stranger things though, so, well, you do you.

  Parent

  • Re:Don't worry, you're safe(Score: 2) by Opportunist on Monday November 08 2021, @01:05PM

    by Opportunist (5545) on Monday November 08 2021, @01:05PM (#1194617)

    Thanks, I didn't think of Mouser.

    The problem with the other ones was mostly that they either don't deliver to Europe or that the shipping costs are actually higher than the cost of the item, plus a delivery delay of weeks/months.

    Parent