Researchers warn of BrakTooth Bluetooth vulnerabilities


Researchers have found 16 new Bluetooth vulnerabilities, collectively called BrakTooth, that could allow attackers to cause a denial of service and, in some cases, execute arbitrary code. More than fourteen hundred products are said to be vulnerable to BrakTooth, although some of the Bluetooth vulnerabilities have since been patched.


By sending specially crafted Bluetooth packets, it is possible, for example, to cause Bluetooth speakers to freeze or to crash other Bluetooth devices. Users then have to manually turn the device off and on to get it working again. It is also possible to disconnect Bluetooth devices that are connected to a smartphone or laptop.


Another DoS attack leaves scanning for the attacked Bluetooth device working, but it is no longer possible to connect to it. An attacker could use this vulnerability to allow the user to connect to their Bluetooth hardware. The most dangerous vulnerability (CVE-2021-28139) allows arbitrary code to be run on Internet of Things devices used in industrial automation, smart homes and fitness, among others.


The BrakTooth vulnerabilities are present in the Bluetooth libraries of a large number of Bluetooth chips from Intel, Qualcomm and Texas Instruments, among others. The vulnerable chips are used in a variety of devices, including Microsoft and Dell laptops, Sony and Oppo smartphones, and a variety of other Bluetooth devices. Since not all manufacturers have released security updates yet, the researchers will not make a proof-of-concept tool public until the end of October.


The Internet Storm Center advises end users to check whether their manufacturer releases security updates and to install them right away. Companies, governments and critical infrastructure are advised to determine how Bluetooth is used within the organization and to find out what risk the BrakTooth vulnerabilities pose to day-to-day operations.


