Dear all,
Espressif has made available a patch for a BrakTooth vulnerability which can trigger arbitrary code execution on ESP32 via Bluetooth Classic (BR/EDR) for those using the Espressif dual-mode stack or HCI-UART mode with a third-party stack.
BrakTooth disclosure: https://asset-group.github.io/disclosures/braktooth/
ESP-IDF commit with the patch: https://github.com/espressif/esp-idf/tr ... 598d9fc172
Advisory from Espressif: https://www.espressif.com/sites/default ... visory.pdf
Video of the attack: https://www.youtube.com/watch?v=F7VjuOiUsNk
BrakTooth Vulnerability on ESP32 (Arbitrary Code Execution)
Re: BrakTooth Vulnerability on ESP32 (Arbitrary Code Execution)
Thanks for info.
This is also nice:
As part of our work of reverse engineering ESP32 BT stack, we are releasing to the community a low-cost BT Classic (BR/EDR) Active Sniffer which is available at the following URL:
https://github.com/Matheus-Garbelini/es ... ic_sniffer
Re: BrakTooth Vulnerability on ESP32 (Arbitrary Code Execution)
Is there any information on how the sniffer works? There is no source code for the ESP32 firmware in the GitHub repo.
Re: BrakTooth Vulnerability on ESP32 (Arbitrary Code Execution)
Thanks for posting the link to the advisory from Espressif. This was the only place I could actually find it.
Do you know how these get published by Espressif? Is there some list I can subscribe to to be alerted when one of these advisories is posted? I can't see it in their website's news section.
Re: BrakTooth Vulnerability on ESP32 (Arbitrary Code Execution)
Subscribe to the "Advisories" via https://www.espressif.com/en/subscribe