DirtyTooth
DirtyTooth is a generic term for a feature in the Bluetooth profiles of an iPhone that may be exploited if the device is using an iOS version below 11.2. Android devices are not affected.
History
[edit]The first hack was reported on March 5, 2017, and was officially presented to the public at the RootedCon conference in August 2017 in Madrid, Spain and later at the ToorCon in San Diego.[1][2][3][4] A research paper was published in 2017 using DirtyTooth with a real bluetooth speaker.[5] In BlackHat Europe 2017 another demonstration was carried out, this time with a Raspberry Pi.[6]
Overview
[edit]DirtyTooth is based on the way how Bluetooth notifies the user when it changes the profile. Some operating systems ask the user to accept the profile change but others like iOS, do not warn the user, changing automatically from one profile to another. Depending on the Bluetooth profile, it can provide different access levels to the services and the information located in the device. The DirtyTooth hack works impersonating the A2DP profile so that a user's iOS device connects, changing to a PBAP profile after pairing without having to enter a PIN if the device has Bluetooth version 2.1 or higher.
Affected hardware
[edit]The hack affected every iPhone from the 3G to the X, given that the smartphones were running any operating system below iOS version 11.2.
Impact
[edit]The data obtained exploiting the DirtyTooth hack may include personal and technical information about the user and the device.
Mitigation
[edit]This hack is resolved by updating the iPhone to iOS version 11.2 or higher.
References
[edit]- ^ "DirtyTooth Hack: It´s only Rock'n Roll but I like it (I de V)".
- ^ "CHEMA ALONSO - DirtyTooth: It´s only Rock'n Roll, but I like it [Rooted CON 2017 - ENG]". 22 August 2017 – via www.youtube.com.
- ^ "Conference | ToorCon: San Diego". sandiego.toorcon.net. Archived from the original on 2018-08-31.
- ^ "[2017] ToorCon 19: Chema Alonso & Kevin Mitnick "DirtyTooth"". 6 December 2017 – via www.youtube.com.
- ^ "DirtyTooth". March 3, 2017.
- ^ "Black Hat Europe 2017". www.blackhat.com.