ORSHIN Attack Defense Framework

Bluetooth Threat Catalog

| Attack Vector and Threat | Primary MITRE EMB3D TID | Risk Value |
|---|---|---|
| Entropy downgrade | MITRE EMB3D TID-411 | n/a |
| Key Negotiation of Bluetooth (KNOB) on BC | MITRE EMB3D TID-411 | 8.1 |
| Secure Connection Attack | MITRE EMB3D TID-411 | 5.4 |
| Bluetooth Cross-Transport Key Derivation (BLUR) | MITRE EMB3D TID-411 | 9.8 |
| Key brute force | MITRE EMB3D TID-317 | n/a |
| Profile switch | MITRE EMB3D TID-317 | n/a |
| Authentication challenge reflection | MITRE EMB3D TID-221 | n/a |
| PIN pairing impersonation attack | MITRE EMB3D TID-221 | 5.4 |
| Passkey entry impersonation attack | MITRE EMB3D TID-221 | 4.2 |
| No IO downgrade | MITRE EMB3D TID-411 | n/a |
| MitM on Secure Simple Pairing | MITRE EMB3D TID-411 | n/a |
| RCE | MITRE EMB3D TID-310 | n/a |
| Remote code execution | MITRE EMB3D TID-310 | 8.2 |
| Heap overflow | MITRE EMB3D TID-310 | 7.5 |
| Feature Pages Execution | MITRE EMB3D TID-310 | 8.8 |
| SMP reception handler out-of-bounds read | MITRE EMB3D TID-310 | 7.5 |
| DoS | MITRE EMB3D TID-404 | n/a |
| Out of bounds write in L2CAP reassembly | MITRE EMB3D TID-404 | 8.2 |
| Messages Flooding | MITRE EMB3D TID-404 | 6.5 |
| Truncated SCO Link Request | MITRE EMB3D TID-404 | 6.5 |
| Duplicated IOCAP | MITRE EMB3D TID-404 | 4.9 |
| LMP Overflow | MITRE EMB3D TID-404 | 6.5 |
| Accept Truncated LMP | MITRE EMB3D TID-404 | 6.5 |
| Invalid Setup Complete | MITRE EMB3D TID-404 | 5.7 |
| Same Host Connection | MITRE EMB3D TID-404 | 6.5 |
| Invalid Max Slot Type or Length | MITRE EMB3D TID-404 | 6.5 |
| Invalid Timing Accuracy | MITRE EMB3D TID-404 | 6.5 |
| Paging Scan Deadlock | MITRE EMB3D TID-404 | 6.5 |
| Invalid ECC point | MITRE EMB3D TID-318 | n/a |
| Invalid Curve Attack | MITRE EMB3D TID-318 | 6.8 |
| RID | MITRE EMB3D TID-327 | n/a |
| Information disclosure due to out-of-bounds heap read | MITRE EMB3D TID-327 | 6.5 |
| Information Leak | MITRE EMB3D TID-310 | n/a |
| Information disclosure | MITRE EMB3D TID-310 | 8.2 |
| Stack-Based information leak | MITRE EMB3D TID-310 | 6.5 |
| Buffer overflow / Out of Bounds | MITRE EMB3D TID-327 | n/a |
| Inquiry Response Heap Overflow | MITRE EMB3D TID-327 | n/a |
| Heap overflow in ACL mode | MITRE EMB3D TID-327 | 7.8 |
| Heap-Based buffer overflow | MITRE EMB3D TID-327 | 6.5 |
| Heap-Based type confusion | MITRE EMB3D TID-327 | 8.8 |
| Power Consumption Analysis Side Channel | MITRE EMB3D TID-101 | n/a |
| Electromagnetic Analysis Side Channel | MITRE EMB3D TID-102 | n/a |
| Microarchitectural Side Channels | MITRE EMB3D TID-103 | n/a |
| Hardware Fault Injection – Control Flow Modification | MITRE EMB3D TID-105 | n/a |
| Data Bus Interception | MITRE EMB3D TID-106 | n/a |
| Unauthorized Direct Memory Access (DMA) | MITRE EMB3D TID-107 | n/a |
| ROM/NVRAM Data Extraction or Modification | MITRE EMB3D TID-108 | n/a |
| RAM Chip Contents Readout | MITRE EMB3D TID-109 | n/a |
| Hardware Fault Injection – Data Manipulation | MITRE EMB3D TID-110 | n/a |
| Unverified Peripheral Firmware Loaded | MITRE EMB3D TID-113 | n/a |
| Peripheral Data Bus Interception | MITRE EMB3D TID-114 | n/a |
| Untrusted External Storage | MITRE EMB3D TID-111 | n/a |
| Weak Peripheral Port Electrical Damage Protection | MITRE EMB3D TID-118 | n/a |
| Firmware/Data Extraction via Hardware Interface | MITRE EMB3D TID-115 | n/a |
| Latent Privileged Access Port | MITRE EMB3D TID-116 | n/a |
| Latent Hardware Debug Port Allows Memory/Code Manipulation | MITRE EMB3D TID-119 | n/a |
| Inadequate Bootloader Protection and Verification | MITRE EMB3D TID-201 | n/a |
| Excessive Access via Software Diagnostic Features | MITRE EMB3D TID-224 | n/a |
| RCE | MITRE EMB3D TID-310 | n/a |
| Stack overflow in L2CAP | MITRE EMB3D TID-310 | 8.0 |
| Exploitable System Network Stack Component | MITRE EMB3D TID-202 | n/a |
| Operating System Susceptible to Rootkit | MITRE EMB3D TID-218 | n/a |
| Device Vulnerabilities Unpatchable | MITRE EMB3D TID-210 | n/a |
| Device Allows Unauthenticated Firmware Installation | MITRE EMB3D TID-211 | n/a |
| Secrets Extracted from Device Root of Trust | MITRE EMB3D TID-214 | n/a |
| Cryptographic Timing Side-Channel | MITRE EMB3D TID-330 | n/a |
| FW/SW Update Integrity Shared Secrets Extraction | MITRE EMB3D TID-212 | n/a |
| Faulty FW/SW Update Integrity Verification | MITRE EMB3D TID-213 | n/a |
| Unencrypted SW/FW Updates | MITRE EMB3D TID-215 | n/a |
| Firmware Update Rollbacks Allowed | MITRE EMB3D TID-216 | n/a |
| Remotely Initiated Updates Can Cause DoS | MITRE EMB3D TID-217 | n/a |
| Logs can be manipulated on the device | MITRE EMB3D TID-225 | n/a |
| Device leaks security information in logs | MITRE EMB3D TID-226 | n/a |
| Applications Binaries Modified | MITRE EMB3D TID-301 | n/a |