Braktooth is a collection of classic Bluetooth attacks developed during 2021 by the Asset research group (https://asset-group.github.io/disclosures/braktooth/) affecting different Bluetooth devices and versions (from 3.0 to 5.2). The attacks have been released and have PoCs on the research group’s website.
In total, the collection consists of 16 attacks affecting 13 Bluetooth devices from 11 different manufacturers. The goal of the attack is to exploit vulnerabilities in the implementation that the manufacturer has made in each device. For this reason, the results of the attack greatly vary depending on the device attacked. To summarize, the results of the attack are mainly denials of service, device crashes, deadlocks and, in some very specific cases, the possibility of arbitrary code execution (ACE).
Articles related to Braktooth
We have been working hard on Bluetooth vulnerabilities such as Braktooth. We leave you some of our blog articles and research that you will surely find interesting.
- Introduction to Bluetooth attacks
- Attacks to the Bluetooth Link Manager Protocol with BrakTooth
- Bluetooth KNOB and BLURtooth, second installment of Bluetooth cyber-attacks
- Bluetooth vulnerabilities in smart locks
- BSAM. Methodology for testing Bluetooth vulnerabilities
Cybersecurity Services related with Braktooth
- IoT security testing: Iot device security testing and Bluetooth penetration testing services.