PoC exploit for BrakTooth vulnerabilities published

PoC exploit for BrakTooth
Written by Emma Davis

CISA experts warned that a PoC exploit for the BrakTooth problem, which threatens millions of devices, has become public.

Let me remind you that the BrakTooth name hides a whole set of 16 vulnerabilities that affect the Bluetooth stack in many popular SoCs that are used in laptops, smartphones, industrial devices and IoT devices. These bugs allow disabling or “hanging” the device, and in the worst case, they help to execute arbitrary code and take over the entire system.

For example, the most serious issue in BrakTooth, CVE-2021-28139, allows remote attackers to run their own malicious code on vulnerable devices via Bluetooth LMP.

CVE-2021-28139 affects smart devices and industrial equipment based on Espressif Systems ESP32 SoC, but the problem can affect many other commercial products as well.the researchers say.

BrakTooth became known in September this year, when specialists from the Singapore University of Technology and Design studied Bluetooth libraries for 13 different SoCs from 11 manufacturers. As it turns out, the same Bluetooth firmware was used in over 1,400 SoCs, which were the basis for a wide variety of devices.

Worse, all BrakTooth attacks can be performed using standard Bluetooth hardware, which costs no more than $ 15. Then the authors of the report emphasized that the number of problem devices, according to their calculations, is in the billions, although the degree of vulnerability depends on the SoC of the device and the Bluetooth software stack.

A PoC exploit for BrakTooth was posted on GitHub last week by one of the authors of the original research.

Because of this, experts at the Department of Homeland Security’s Cybersecurity and Infrastructure Protection Agency (DHS CISA) urged manufacturers, vendors, and developers to review their code as soon as possible and apply patches or workarounds to vulnerable Bluetooth System-on-a- applications. Chip (SoC). Unfortunately, the situation with patches still leaves much to be desired, as can be clearly seen in the table below, recently updated by the researchers.

BrakTooth vulnerabilities

Let me also remind you that CISA warned that GPS devices may behave unpredictably due to a bug in the GPS Daemon.

Sending
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About the author

Emma Davis

I'm writer and content manager (a short time ago completed a bachelor degree in Marketing from the Gustavus Adolphus College). For now, I have a deep drive to study cyber security.

Leave a Reply

Sending

This site uses Akismet to reduce spam. Learn how your comment data is processed.