Researchers show how to exploit Bluetooth Classic security flaws

Researchers at the Singapore University of Technology and Design have released a proof-of-concept exploit for a family of vulnerabilities they have dubbed BrakTooth, which affects the software development kit used to program Bluetooth chipsets based on the ESP32 standard.

BrakTooth affects the Bluetooth Classic protocol, which is widely used in laptops, smartphones and audio devices. The team says 16 flaws make up BrakTooth, the effects of which, if exploited, range in severity from crashing affected systems to remote code execution.

The most serious flaw, dubbed V1 by the team, targets the ESP32 SoCs used in industrial automation, smart home and fitness applications, among others. Certain models of MacBooks and iPhones are known to be affected. Because the ESP32 BT library does not correctly perform an out-of-bounds check on certain types of inputs, a malicious request to the system can allow an attacker to inject code onto a vulnerable system and possibly take control of it.

Other flaws give an attacker a wide range of possible damage, including forcibly disconnecting Bluetooth devices from one another, using a vulnerable endpoint to crash all connections on a paired device, and shutting down connected audio devices. The attacks take place over the Bluetooth link itself, requiring nothing more than a piece of common Bluetooth hardware and a PC.

The team said the total number of vulnerable chipsets could be more than 1,400, which means that devices using those chipsets could be compromised by the BrakTooth flaws. In practice, devices ranging from IoT gadgetry to manufacturing equipment to laptops and smartphones are vulnerable. Affected manufacturers include Intel, Texas Instruments and Qualcomm.

Chipset vendors have been informed of the BrakTooth vulnerabilities, and many have already issued patches for use by OEMs or even for the general public at large. The researchers have created a table of who has updated what and have published BrakTooth proof-of-concept code.

The same group of researchers has been working on Bluetooth security for some time, having previously revealed flaws like SweynTooth in Bluetooth LE. This was a similar group of security issues, centered on a lack of adequate input validation in the affected code, which was made public in 2019. Many of the products affected by SweynTooth were medical devices, most critically including blood glucose meters and pacemakers. These flaws have mostly been patched, according to the team.