A Large Number Of Devices Could Be Vulnerable To This Bluetooth Vulnerability
Researchers from the Singapore University of Technology and Design have some bad news for Bluetooth fans: they found a serious vulnerability in a large number of Bluetooth components, which they have labelled BrakTooth, Brak being Norwegian for crash. At this time they have not released the steps to replicate this vulnerability, to give companies time to work on a patch, but will be doing so at some point next month.
The attack makes use of a state that Bluetooth devices enter after repeated attempts to crash them, and can lead to arbitrary code execution. The example that Hackaday included in their post was the Espressif ESP32 Bluetooth chip, which is vulnerable and, when affected, can be convinced to flip GPIO pins, which can make the device it is attached to quite useless. As this particular Bluetooth component is often found in IoT security systems, BrakTooth could remove any protections that the device provides for a physical location.
The exact method of execution may not have been revealed, but there are links in the article to allow you to test if your devices are vulnerable. As this could affect over 1400 Bluetooth products, manufacturers and users have a bit of work to do.
Bluetooth has become widely popular since its introduction in 1999. However, it’s also had its fair share of security problems over the years. Just recently, a research group from the Singapore University of Technology and Design found a serious vulnerability in a large variety of Bluetooth devices. Having now been disclosed, it is known as the BrakTooth vulnerability.