Researchers have discovered a series of Bluetooth vulnerabilities dubbed BrakTooth that may affect over 1400 product listings.
“As of today, we have evaluated 13 BT devices from 11 vendors. We have discovered a total of 16 new security vulnerabilities, with 20 common vulnerability exposures (CVEs) already assigned and four (4) vulnerabilities are pending CVE assignment from Intel and Qualcomm,” said the ASSET (Automated Systems Security) Research Group from the Singapore University of Technology and Design.
The ASSET team discovered the BrakTooth vulnerabilities in Bluetooth stacks that can “range from denial of service (DoS) via firmware crashes and deadlocks in commodity hardware to arbitrary code execution (ACE) in certain IoTs.”
Moreover, the researchers evaluated vendor devices from Qualcomm, Intel, Texas Instruments, Zhuhai Jieli Technology, Cypress, Bluetrum Technology, Espressif Systems, Harman International, and Silabs.
After evaluating these vendor devices, the researchers discovered the following 20 BrakTooth vulnerabilities (those with CVEs assigned as of the posting):
- Feature Pages Execution: CVE-2021-28139
- Host Conn. Flooding: CVE-2021-31785
- Same Host Connection: CVE-2021-31786
- AU Rand Flooding: CVE-2021-31610, CVE-2021-34143, CVE-2021-34146, CVE-2021-34149
- Invalid Max Slot Type: CVE-2021-34145
- Max Slot Length Overflow: CVE-2021-34148
- Invalid Timing Accuracy: CVE-2021-34147
- Truncated SCO Link Request: CVE-2021-34144
- Duplicated IOCAP: CVE-2021-28136
- Feature Resp. Flooding: CVE-2021-28135, CVE-2021-28155
- Feature Resp. Flooding: CVE-2021-31717
- Link Manager Protocol (LMP) Auto Rate Overflow: CVE-2021-31609, CVE-2021-31612, CVE-2021-31613
- Truncated LMP Accepted: CVE-2021-31613
- Invalid Setup Complete: CVE-2021-31611
Other vulnerabilities are pending CVE assignments.
Finally, the ASSET researchers provided more details, including proofs of concept (PoCs) and three sample attacks used to launch arbitrary code execution (ACE) or denial of service (DoS) on target devices.