DirtyTooth



DirtyTooth is a generic term for a feature in the Bluetooth profiles of an iPhone that may be exploited if the device is using an iOS version below 11.2. Android devices are not affected.

History
The first hack was reported on March 5, 2017, and was officially presented to the public at the RootedCon conference in August 2017 in Madrid, Spain, and later at ToorCon in San Diego. A research paper published in 2017 demonstrated DirtyTooth with a real Bluetooth speaker. At BlackHat Europe 2017 another demonstration was carried out, this time with a Raspberry Pi.

Overview
DirtyTooth is based on the way Bluetooth notifies the user when a connected device changes its profile. Some operating systems ask the user to accept the profile change, but others, such as iOS, do not warn the user and switch automatically from one profile to another. Depending on the Bluetooth profile, a connection can provide different levels of access to the services and information on the device. The DirtyTooth hack works by impersonating the A2DP (audio streaming) profile so that a user's iOS device connects, then switching to the PBAP (phone book access) profile after pairing; no PIN has to be entered if the device uses Bluetooth version 2.1 or higher.
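The security-relevant point above is a silent profile change: a peer that was accepted as an audio device later asks for a data profile. The following detection heuristic, added here as an illustration and not code from the DirtyTooth research or from any operating system, flags exactly that pattern over a constructed event log. The event format (timestamp, peer address, event, profile list) is an assumption made for the example; real platforms expose Bluetooth events differently, or not at all.

```python
"""Flag Bluetooth peers that connect a data profile they did not declare at pairing.

Added illustration, not code from the DirtyTooth research. The event log
format below is constructed for this example.
"""
from dataclasses import dataclass, field

# Profiles that only carry audio/remote control versus profiles that expose user data.
AUDIO_PROFILES = {"A2DP", "AVRCP", "HFP", "HSP"}
DATA_PROFILES = {"PBAP", "MAP", "OPP"}

# Constructed sample log: (timestamp, peer address, event, comma-separated profiles).
# Peer ...:01 pairs as a plain speaker and later asks for the phone book (the DirtyTooth pattern);
# peer ...:02 is a car kit that declared PBAP up front, so the user already saw it at pairing.
SAMPLE_EVENTS = [
    ("10:00:01", "AA:BB:CC:00:00:01", "pair", "A2DP,AVRCP"),
    ("10:00:02", "AA:BB:CC:00:00:01", "connect", "A2DP"),
    ("10:00:09", "AA:BB:CC:00:00:01", "connect", "PBAP"),
    ("10:05:00", "AA:BB:CC:00:00:02", "pair", "A2DP,HFP,PBAP"),
    ("10:05:01", "AA:BB:CC:00:00:02", "connect", "PBAP"),
]


@dataclass
class PeerState:
    """What a peer advertised when it paired, and what it has connected since."""
    declared: set = field(default_factory=set)
    connected: set = field(default_factory=set)


def find_profile_escalations(events):
    """Return (timestamp, address, profile) for every data-profile connection
    by a peer that did not declare that profile when it paired."""
    peers = {}
    alerts = []
    for ts, addr, event, profiles in events:
        state = peers.setdefault(addr, PeerState())
        if event == "pair":
            state.declared.update(p for p in profiles.split(",") if p)
        elif event == "connect":
            for profile in profiles.split(","):
                state.connected.add(profile)
                if profile in DATA_PROFILES and profile not in state.declared:
                    alerts.append((ts, addr, profile))
    return alerts


if __name__ == "__main__":
    for ts, addr, profile in find_profile_escalations(SAMPLE_EVENTS):
        print(f"{ts} {addr}: undeclared data profile {profile} after pairing as audio peer")
```

The rule deliberately keys on what was declared at pairing time rather than on the profile name alone: a car kit that legitimately needs the phone book is not flagged, while a peer that "grows" a data profile after the user's only decision point has passed is. That is the same distinction an operating system that prompts on profile change enforces for the user.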

Affected hardware
The hack affected every iPhone from the 3G to the X, provided the phone was running an iOS version below 11.2.

Impact
The data obtained by exploiting DirtyTooth may include personal and technical information about the user and the device.

Mitigation
The issue is resolved by updating the iPhone to iOS version 11.2 or later.
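The two sections above give a concrete compliance rule: an iPhone is exposed when its iOS version is below 11.2. The audit below, added here as an example and not code from the original article or from Apple, applies that rule to a device inventory. The inventory records are constructed; in practice the input would be an MDM export. It compares versions numerically, because a string comparison would wrongly rank "11.10" below "11.2".

```python
"""Audit an iPhone inventory for DirtyTooth exposure (iOS below 11.2).

Added example; not code from the original article or from Apple.
The inventory below is constructed; an MDM export would be the real input.
"""
import re

# iOS 11.2 is the first version the page names as fixed.
FIXED_VERSION = (11, 2)

# Constructed inventory: (device name, model, iOS version string)
INVENTORY = [
    ("alice-phone", "iPhone X", "11.1.2"),
    ("bob-phone", "iPhone 7", "11.2"),
    ("carol-phone", "iPhone 6s", "11.10"),   # newer than 11.2 despite sorting first as a string
    ("dave-phone", "iPhone 5", "10.3.3"),
    ("erin-tablet", "iPad Air", "11.0"),     # not an iPhone; outside the scope described on the page
]


def parse_version(text):
    """Turn '11.2.1' into (11, 2, 1); reject junk so bad data is never silently 'safe'."""
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unparseable iOS version: {text!r}")
    return tuple(int(part) for part in text.split("."))


def is_vulnerable(model, version_text):
    """True when an iPhone runs an iOS older than 11.2.

    Tuple comparison handles differing lengths correctly: (11, 2, 0) is not
    below (11, 2), and (11, 10) is above (11, 2)."""
    if not model.startswith("iPhone"):
        return False
    return parse_version(version_text) < FIXED_VERSION


def audit(inventory):
    """Names of devices that still need the iOS 11.2 update."""
    return [name for name, model, version in inventory if is_vulnerable(model, version)]


if __name__ == "__main__":
    for name in audit(INVENTORY):
        print(f"{name}: update to iOS 11.2 or later")
```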