BrakRPi: Crashing Bluetooth communications on Raspberry Pi with Braktooth
2024-12-14, Rookie track 1

Do you use Raspberry Pi as a Home Assistant to manage remote devices via Bluetooth? Or your phone with wireless devices?

That's extremely convenient, but did you know that it can be easily compromised - and that some devices may still be unpatched?


In August 2021, a group of researchers from Singapore called ASSET disclosed a series of vulnerabilities in commercial Bluetooth stacks, ranging from DDoS to Arbitrary Code Execution, which was called Braktooth. It affected major vendors such as Intel, Cypress, Qualcomm and Espressif.

While the researchers' main focus was to test laptops, smartphones and audio devices, one class of devices that went untested was the Raspberry Pi. In this talk, I will describe how I was able to add a small contribution to this research by proving that the Raspberry Pi was also vulnerable to Braktooth due to its use of a Cypress System-on-Chip (SoC).

This presentation is beginner-friendly and no prior knowledge is required. It will cover a brief explanation of the Braktooth series, a more detailed explanation of the documented process of crashing Bluetooth communications between a Raspberry Pi and a remote speaker, why a simple code patch won't be enough to fix this, and suggestions to mitigate the risks.


Please confirm that I am a first-time speaker and have not spoken in public and will not be before the BSides London event date (14th December 2024):

Yes

Embedded software engineer who transitioned from backend engineering; interested in wireless protocols and hardware & firmware security