Researchers at Singapore University of Technology and Design has released a proof-of-concept exploit for a family of vulnerabilities it has dubbed BrakTooth, which affects the software development kit used to program Bluetooth chipsets using the ESP32 standard.
BrakTooth affects the Bluetooth Classic protocol, which is widely used in laptops, smartphones and audio devices. The team says 16 flaws make up BrakTooth, the effects of which, if exploited, range in severity from crashing affected systems to remote code execution.
The most serious flaw, dubbed V1 by the team, targets the ESP32 SoCs used in industrial automation, smart home, and fitness applications, among others. Certain models of MacBooks and iPhones are known to be affected. Because the ESP32 BT Library does not correctly run an out-of-bounds check on certain types of inputs, a malicious request to the system can allow an attacker to inject code onto a vulnerable system and potentially take control.
Source:: Network World – IoT