A set of new security vulnerabilities has been disclosed in commercial Bluetooth stacks that could allow an adversary to execute arbitrary code and, worse, crash the devices via denial-of-service (DoS) attacks.
Collectively dubbed “BrakTooth” (referring to the Norwegian word “Brak”, which translates to “crash”), the 16 security weaknesses span 13 Bluetooth chipsets from 11 vendors such as Intel, Qualcomm, Zhuhai Jieli Technology, and Texas Instruments, covering an estimated 1,400 or more commercial products, including laptops, smartphones, programmable logic controllers, and IoT devices.
The flaws were disclosed by researchers from the ASSET (Automated Systems SEcuriTy) Research Group at the Singapore University of Technology and Design (SUTD).
“All the vulnerabilities […] can be triggered without any previous pairing or authentication,” the researchers noted. “The impact of our discovered vulnerabilities is categorized into (I) crashes and (II) deadlocks. Crashes generally trigger a fatal assertion, segmentation faults due to a buffer or heap overflow within the SoC firmware. Deadlocks, in contrast, lead the target device to a condition in which no further BT communication is possible.”
The most severe of the 16 bugs is CVE-2021-28139, which affects the ESP32 SoC used in many Bluetooth-based appliances ranging from consumer electronics to industrial equipment. Arising from a missing out-of-bounds check in the library, the flaw allows an attacker to inject arbitrary code on vulnerable devices, including erasing their NVRAM data.
Other vulnerabilities could result in the Bluetooth functionality being completely disabled via arbitrary code execution, or cause a denial-of-service condition in laptops and smartphones using Intel AX200 SoCs. “This vulnerability allows an attacker to forcibly disconnect slave BT devices currently connected to AX200 under Windows or Linux Laptops,” the researchers said. “Similarly, Android phones such as Pocophone F1 and Oppo Reno 5G experience BT disruptions.”
A final collection of flaws discovered in Bluetooth speakers, headphones, and audio modules could be abused to freeze and even completely shut down the devices, requiring users to manually turn them back on. Troublingly, all of the aforementioned BrakTooth attacks could be carried out with a readily available Bluetooth packet sniffer that costs less than $15.
While Espressif, Infineon (Cypress), and Bluetrum Technology have released firmware patches to rectify the identified vulnerabilities, Intel, Qualcomm, and Zhuhai Jieli Technology are said to be investigating the flaws or in the process of readying security updates. Texas Instruments, however, does not intend to release a fix unless “demanded by customers.”
The ASSET group has also made available a proof-of-concept (PoC) tool that can be used by vendors producing Bluetooth SoCs, modules, and products to reproduce the vulnerabilities and validate against BrakTooth attacks.