The United States Cybersecurity and Infrastructure Security Agency (CISA) warned last week that proof-of-concept (PoC) code for the BrakTooth Bluetooth vulnerabilities is now publicly available.
BrakTooth is the name researchers with the Singapore University of Technology and Design gave to a set of roughly two dozen vulnerabilities in commercial Bluetooth Classic (BT) stacks, which affect system-on-chips (SoCs) running Bluetooth 3.0 + HS through Bluetooth 5.2.
The bugs could be exploited to cause denial of service (DoS) conditions, through crashes or deadlocks, and, in some cases, could also lead to arbitrary code execution. Exploitation of these flaws requires the attacker to be within Bluetooth range of a vulnerable device.
These new Bluetooth vulnerabilities could affect millions of devices. The researchers said they had identified 1,400 affected products, but also noted that the actual number could be much higher.
BrakTooth was originally disclosed in August, and on November 1, 2021, the researchers publicly released a BrakTooth proof-of-concept (PoC) tool to test Bluetooth-enabled devices against potential Bluetooth exploits using the researchers' software tools. BrakTooth requires a specific BT hardware development kit (ESP-WROVER-KIT, ESP32 based) connected to a PC to be able to launch the attack, since LMP packets cannot be sent from the host with normal Bluetooth hardware. The exploit tool includes a standalone version of Wireshark which already includes a plugin to read the customized captures saved by this tool.