Bluetooth risks: Braktooth vulnerability and tracking via head phones

Sicherheit (Pexels, allgemeine Nutzung)[German]Riskante Technik Bluetooth: So haben Sicherheitsforscher bei verschiedenen Bluetooth-Chip-Sets, die in Geräten wie Notebooks, Lautsprechern oder IoT-Geräten verwendet werden, gleich 16 verschiedene Sicherheitslücken entdeckt. Die Schwachstellen firmieren unter dem Namen Braktooth. Und in Oslo ist es gelungen, durch umherfahren mit einem Fahrrad, Nutzer, die Bluetooth-Kopfhörer verwenden, über einen Bluetooth-Empfänger zu tracken. Hier eine Zusammenfassung der betreffenden Sicherheitsinformationen.

Braktooth vulnerabilities in Bluetooth

Several security researchers from the Singapore University of Technology and Design have taken a look at Bluetooth SoCs from Intel, Qualcomm, etc., and tapped them for vulnerabilities. In a report they present a number of new vulnerabilities in commercial BT stacks under the name BrakTooth. The vulnerabilities range from denial of service (DoS) to firmware crashes and deadlocks in commodity hardware to arbitrary code execution (ACE) in certain IoT devices.

As of disclosure, the folks have evaluated 13 BT devices from 11 vendors and discovered a total of 16 new vulnerabilities. Among them, 20 CVEs (Common Vulnerability Exposure) have already been assigned, with a CVE assignment from Intel and Qualcomm pending for four more vulnerabilities. The security researchers write that Bluetooth standards 3.0 to 5.2 are affected by these vulnerabilities.

All vulnerabilities have already been reported to the respective manufacturers. Several vulnerabilities have already been patched, while the rest are still in the replication and patching phase. An investigation shows that BrakTooth affects over 1400 product lists. BrakTooth exposes basic attack vectors in the closed BT stack.

Since the BT stack is often shared among many products, it is very likely that many other products (beyond the ≈1400 entries in the Bluetooth lists) are affected by BrakTooth. As a result, the security researchers recommend vendors that produce BT system-on-chips (SoCs), BT modules, or BT end products use the BrakTooth proof-of-concept (PoC) code to validate their BT stack implementation. The researchers provide a proof of concept (PoC) for exploiting BrakTooth. Details about the vulnerabilities can be read in this article.

Users tracked via Bluetooth headphones

Bluetooth headphones or earphones are quite popular and are used by many users. If these devices use a static MAC address in Bluetooth to exchange messages with a smartphone, this can be recorded as well. As part of an academic experiment, IT security researcher Bjørn Martin Hegnes rode a bicycle around the Norwegian city of Oslo for 12 days, recording signals from Bluetooth headphones. 

The goal was to find out how the vulnerabilities of WIFI and Bluetooth affect privacy and whether it is possible for a third party to track a user's location without their knowledge. After all, with the increasing use of WIFI and Bluetooth devices in the average person's daily life, many own at least one device, if not several, that can be used as tracking devices.

The result has been that it is possible not only to track a single person via Bluetooth or WiFi, but also to monitor the users in question en masse in a large city, such as Oslo. Then the Norwegian Broadcasting Corporation's tech site NRK Beta analyzed the data from this recording and revealed the results in this article. Using the static MAC addresses, it was possible to identify individual participants through their Bluetooth headsets and track their locations. "I was surprised at how easy it is to track all the accessories you can plug into a phone. It could be a bathroom scale or a headset," Hegnes says. Details can be found in the article by Hegnes and Norwegian broadcaster NRK Beta.

This entry was posted in Security and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *