Bluetooth protocol and new Bluetooth vulnerabilities
Bluetooth Classic (BT) is a wireless protocol widely used in notebooks, handheld devices, and audio devices. Because the technology is so widely deployed, a vulnerability in it may affect hundreds of millions of devices around the world. If more manufacturers turn out to be affected, the number of affected devices may continue to grow.
Recently, researchers discovered multiple security flaws in commercial BT stacks, collectively named BrakTooth, which attackers can exploit to cause DoS, arbitrary code execution, and more. The researchers tested 13 BT devices from 11 manufacturers, found 16 new security vulnerabilities and obtained 20 CVE numbers; 4 further vulnerabilities from Intel and Qualcomm have not yet been assigned CVE numbers. The researchers found that billions of Bluetooth devices or more may be affected by the series of vulnerabilities dubbed "BrakTooth."
In the generic scenario for executing a BrakTooth attack, the attacker needs an ESP32 development kit with custom LMP firmware and a PC to run the PoC tool. The PoC tool communicates with the ESP32 via the serial interface (/dev/ttyUSB1).
The BrakTooth vulnerability affects all Bluetooth devices, where it could lead to DoS and arbitrary code execution. Since a BT stack is shared by multiple products, many products are affected by this vulnerability. It is therefore recommended that BT SoC manufacturers, BT module manufacturers, and BT end-product manufacturers use the BrakTooth PoC tool to verify whether their BT stack implementation is affected. The researchers have developed a PoC tool for BrakTooth. Since some vendors have already released patches for the vulnerability, the researchers will release the PoC tool at the end of October, in the hope that most of the bugs will have been fixed by then.
The most dangerous of the 16 known BrakTooth vulnerabilities is CVE-2021-28139, which exists in the ESP32 System on Chip. ESP32 is a series of low-cost, low-power microcontrollers with dual-mode WiFi and Bluetooth, widely used in Internet of Things (IoT) devices across industrial, personal, and household equipment. For that reason, this vulnerability is considered the most impactful.
The researchers notified the chipmakers vulnerable to the BrakTooth series of exploits before publishing them. At present, some of these vulnerabilities have been fixed and patches for others are still in development, so the road to a complete fix may be long. Until all vulnerabilities are fixed, the best defense against the BrakTooth series of vulnerabilities is to not connect to any device you don't know and trust.