
BrakTooth Proof of Concept Tool Demonstrates Bluetooth Vulnerabilities

The Bluetooth Classic (BT) protocol is a widely used wireless protocol in laptops, handheld devices, and audio devices. 

On November 1st, 2021, researchers publicly released a BrakTooth proof-of-concept (PoC) tool so that Bluetooth-enabled devices can be tested against potential Bluetooth exploits using the researchers' software tools.

BrakTooth, originally disclosed in August 2021, is a family of security vulnerabilities in commercial Bluetooth stacks.

An attacker could exploit BrakTooth vulnerabilities to cause a range of effects from denial-of-service to arbitrary code execution.

Launching a BrakTooth attack requires a specific BT hardware development kit (ESP-WROVER-KIT), because LMP packets cannot be sent from the host on normal Bluetooth hardware.

The BrakTooth vulnerability was discovered by researchers from Singapore University of Technology and Design. 

The most severe of the 16 known BrakTooth vulnerabilities is CVE-2021-28139. Its description states that the Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly restrict the Feature Page upon reception of an LMP Feature Response Extended packet, allowing attackers in radio range to trigger arbitrary code execution on the ESP32 via a crafted Extended Features bitfield payload.
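As an added illustration of the defensive check that description implies (this is example code, not ESP-IDF's implementation and not part of the researchers' tool), here is an LMP_FEATURES_RES_EXT handler in C that validates the peer-supplied FeaturesPage index before using it to index a per-peer feature table; the table size MAX_FEATURE_PAGES and the struct layout are assumptions made for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* LMP_FEATURES_RES_EXT payload (Bluetooth Core Spec, LMP):
 *   [0] FeaturesPage  [1] MaxSupportedPage  [2..9] ExtendedFeatures (8 bytes) */
#define LMP_FEATURES_RES_EXT_LEN 10
#define FEATURE_BYTES 8
#define MAX_FEATURE_PAGES 3   /* hypothetical: this stack stores pages 0..2 per peer */

typedef struct {
    uint8_t features[MAX_FEATURE_PAGES][FEATURE_BYTES];
    uint8_t max_page;
} remote_features_t;

/* Hardened handler: the peer-supplied FeaturesPage is checked before it is
 * used as an array index. Without the page bound check, an attacker-chosen
 * page value would make memcpy write 8 bytes past the features table, the
 * defect class the CVE-2021-28139 description attributes to an unrestricted
 * Feature Page. Returns true only if the page was accepted and stored. */
bool handle_features_res_ext(remote_features_t *rf, const uint8_t *pdu, size_t len)
{
    if (rf == NULL || pdu == NULL || len < LMP_FEATURES_RES_EXT_LEN)
        return false;                     /* missing or truncated PDU: ignore */
    uint8_t page = pdu[0];
    uint8_t max_page = pdu[1];
    if (page >= MAX_FEATURE_PAGES)
        return false;                     /* out-of-range page: reject, never index */
    if (max_page >= MAX_FEATURE_PAGES)
        max_page = MAX_FEATURE_PAGES - 1; /* clamp advertised page count to table size */
    memcpy(rf->features[page], &pdu[2], FEATURE_BYTES);
    rf->max_page = max_page;
    return true;
}

/* Self-check over constructed PDUs (not captured traffic). */
bool self_check(void)
{
    remote_features_t rf;
    memset(&rf, 0, sizeof rf);
    const uint8_t valid[LMP_FEATURES_RES_EXT_LEN] = {1, 2, 1, 2, 3, 4, 5, 6, 7, 8};
    const uint8_t oob[LMP_FEATURES_RES_EXT_LEN]   = {0xFF, 2, 0, 0, 0, 0, 0, 0, 0, 0};
    if (!handle_features_res_ext(&rf, valid, sizeof valid)) return false;
    if (rf.features[1][0] != 1 || rf.features[1][7] != 8 || rf.max_page != 2) return false;
    if (handle_features_res_ext(&rf, oob, sizeof oob)) return false; /* must be rejected */
    if (handle_features_res_ext(&rf, valid, 4)) return false;        /* truncated: rejected */
    return true;
}
```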

Duncan

Duncan is a technology professional with over 20 years' experience of working in various IT roles. He has an interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.
