Brake tooth! You know that BrakTooth


A large amount of devices could be vulnerable to this Bluetooth vulnerability

Researchers at the Singapore University of Technology and Design have bad news for Bluetooth fans, as they discovered a serious vulnerability in a large number of Bluetooth components that they labeled Braktooth; Brak being Norwegian for crash. At this time, they haven’t released the steps to replicate this vulnerability to give businesses time to work on a fix, but will do so next month at some point.

The attack uses a state that Bluetooth devices enter after repeated attempts to block them, and can lead to the execution of an arbitrary code. The example that Hackaday included in their article was the Espressif ESP32 Bluetooth chip which is vulnerable and when affected can be convinced to flip the GPIO pins, which can make the device it is attached to quite useless. As this particular Bluetooth component is often found in IoT security systems, Braktooth could remove all protections provided by the device for a physical location.

The exact method of execution may not have been revealed, but there are links in the article for you to test if your devices are vulnerable. As this could affect over 1,400 Bluetooth products, manufacturers and users alike have a bit of work to do.


Source link