Bluetooth Classic (BR/EDR) is the protocol most commonly used by laptops and audio devices, and it is the protocol in which several critical vulnerabilities have now been discovered. According to the report, BrakTooth is a family of new security vulnerabilities affecting it.
These vulnerabilities have been reported to the respective vendors and have already been patched. BrakTooth has already earned bug bounties from Espressif Systems and Xiaomi. It affects more than 1400 product listings.
The name is a combination of the two words Brak and Tooth, pointing directly at its Bluetooth targets: the attacks repeatedly crash Bluetooth-enabled devices.
Attack Scenario Overview:
In this section the researchers show what happens when a BrakTooth attack is carried out. Because of issues with some vendors, this material was released only at the end of October 2021.
Affected BT BR/EDR chipsets:
According to the report, the vulnerabilities fall into two categories: crashes and deadlocks. Crashes trigger fatal assertions or segmentation faults caused by overflows. The attacks target devices that communicate over BT, including BT speakers, toys, keyboards, and so on. For all discovered vulnerabilities the researchers followed a responsible disclosure process, giving each vendor at least 90 days before publication, and during that period they actively assisted the vendors producing patches.
Impact of BrakTooth:
The researchers have demonstrated several concrete attacks that leverage the BrakTooth vulnerabilities. These include arbitrary code execution, attacks against laptops and smartphones, freezing audio products, an estimate of the scope of affected devices, and more.
BT Firmware Patches:
The table referenced above gives the status of each vendor's investigation, using the following categories:
- Available: the vendor has replicated the vulnerability and a patch is available.
- Patch in progress: the vendor has replicated the vulnerability and is working on a patch, which will be available soon.
- Investigation in progress: the vendor is investigating the security issue, with the team's assistance.
- No fix: the vendor has replicated the issue but has no plan to release a patch.
- Pending: the vendor has communicated with the team, but the status of its investigation is unclear.
Texas Instruments successfully replicated the security issue but, at this stage, has no plan to produce a patch; it will consider doing so if customers demand it.
Sniffing BT BR/EDR in less than $15:
Here the researchers release to the community a low-cost BT Classic sniffer built from readily available hardware.
The BrakTooth family of vulnerabilities revisits and reasserts old issues in the heavily used Bluetooth Classic protocol, and sheds light on directions for future Bluetooth security research.
The report describes in detail every vulnerability and the system-on-chip models it affects. A number of the vulnerabilities were discovered while testing development kits and were also detected in final products.
PoC Tool Availability:
The PoC tool is available for download to vendors that produce BT SoC products. According to the report, the user needs to fill in a simple form requesting basic information such as job role, a valid email address, and organization. Detailed instructions are then provided for exploiting the target device.