
SoylentNews is people

posted by chromas on Sunday November 07 2021, @02:12PM
from the you-can't-handle-the-tooth dept.

BrakTooth is a collection of flaws affecting commercial Bluetooth stacks on more than 1,400 chipsets used in billions of devices – including smartphones, PCs, toys, internet-of-things (IoT) devices and industrial equipment – that rely on Bluetooth Classic (BT) for communication.

On Thursday, CISA urged manufacturers, vendors and developers to patch or employ workarounds.

The PoC has been made available on the BrakTooth website on GitHub.

As the paper pointed out, all that attackers need to pick apart the BrakTooth bugs is an off-the-shelf ESP32 board that can be had for $14.80 (or as low as $4 for an alternative board on AliExpress), custom Link Manager Protocol (LMP) firmware, and a computer to run the PoC tool.

Researchers from the University of Singapore disclosed the initial group of 16 vulnerabilities (now up to 22), collectively dubbed BrakTooth, in a paper published in September. They found the bugs in the closed commercial BT stack used by 1,400+ embedded chip components and detailed a host of attack types they can cause: mainly denial of service (DoS) via firmware crashes (the term “brak” is actually Norwegian for “crash”). One of the bugs can also lead to arbitrary code execution (ACE).

Since the paper was published, there have been a number of updates, as vendors have scrambled to patch or to figure out whether or not they will in fact patch, and as researchers have uncovered additional vulnerable devices.


Comment by DannyB (5839) on Monday November 08 2021, @06:21PM (#1194719)

    There are numerous languages that make it harder or impossible to create the most common C bug vulnerabilities in code.

    The C programmers will universally complain about any past, present or future language that takes away the ability to hang yourself.

    I could pick many examples, but I'll pick two.

    1. Java doesn't let you mess with pointers. It has precise GC to eliminate three entire classes of memory management bugs: (i) not freeing something, (ii) freeing it twice, (iii) using a pointer to an object after it has been freed. Furthermore, I would point out that GC reduces latency on the money earning threads because they never see a single CPU instruction related to memory management (e.g. reference counting, or other strategy). The cleanup of GC happens later on other CPU cores not running the money earning threads. The money making thread has to pay the freight to operate those GC threads, and it does, and in return gets lower latency. You can never buy back latency. Crank up the clock speed all you want.

    2. Languages that have a string length indicator (most modern languages). What I'm saying is that a string object contains a length indicator, not a zero terminated string.

    3. (I said two, but this is a bonus item) Non-overflowable buffers. Ultimately this comes down to array bounds checking. Modern languages make it impossible to overflow an array. Oh, but the cost of that checking! In many cases it can be done once at the start of a loop by the compiler to guarantee no overflow. The cost seems trivial if it prevents creating a vulnerability such as a stack overwrite of the return address.

    It's not that we CAN'T fix these problems. It's that people simply WON'T fix it in a systematic way. The solution is to endeavor to make these problems impossible to happen. Array overflows (e.g. buffer overflows and other overflows). Runaway strcopy operations. The three memory management bugs (above) which are by themselves the most common source of bugs of several decades of microcomputer evolution.

    I won't waste my breath with strong typing to prevent assigning a string to a floating point value.

    Trump is a poor man's idea of a rich man, a weak man's idea of a strong man, and a stupid man's idea of a smart man.
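An added example in C, not code from the article, the BrakTooth researchers or the commenter, showing items 2 and 3 of the comment above: a length-prefixed string whose copy tests its bound once, before any byte is written, so an unterminated or oversized source is handled instead of becoming a runaway copy. The `lstr` type, its functions and the sample inputs are all constructed for this illustration.

```c
/* Added illustration (not the article's or commenter's code): a
 * length-prefixed string with one up-front bounds check, in contrast to
 * a strcpy() that trusts the source to be NUL-terminated and to fit. */
#include <stddef.h>
#include <string.h>

/* Length-prefixed string: capacity and length travel with the data, so the
 * callee can check every write and no NUL terminator is needed. */
struct lstr {
    size_t cap;      /* bytes available in data[] */
    size_t len;      /* bytes in use */
    char   data[16];
};

/* Checked copy: one bounds test before any byte is written.
 * Returns 0 on success, -1 if src would not fit (dest is left untouched). */
int lstr_copy(struct lstr *dest, const void *src, size_t src_len)
{
    if (src_len > dest->cap)
        return -1;
    memcpy(dest->data, src, src_len);
    dest->len = src_len;
    return 0;
}

/* Bounds-checked read: the byte at i, or -1 instead of reading past len. */
int lstr_at(const struct lstr *s, size_t i)
{
    return i < s->len ? (unsigned char)s->data[i] : -1;
}

/* Constructed inputs; the second deliberately has no NUL terminator, the
 * case where strcpy() would keep reading until it happened to find one. */
static const char short_src[] = "BrakTooth";
static const char unterminated_src[4] = { 'L', 'M', 'P', '!' };

/* Returns 1 if both sources copy intact and an oversized one is refused
 * without disturbing the destination, 0 otherwise. */
int checks_hold(void)
{
    struct lstr d = { .cap = sizeof d.data, .len = 0 };
    char big[64];
    memset(big, 'A', sizeof big);
    if (lstr_copy(&d, short_src, strlen(short_src)) != 0 || d.len != 9) return 0;
    if (lstr_copy(&d, unterminated_src, sizeof unterminated_src) != 0) return 0;
    if (lstr_at(&d, 3) != '!' || lstr_at(&d, 4) != -1) return 0;
    if (lstr_copy(&d, big, sizeof big) != -1) return 0;   /* 64 > cap: refused */
    return d.len == 4 && lstr_at(&d, 0) == 'L';           /* d left untouched */
}
```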