Newly discovered vulnerabilities in Bluetooth could affect billions of devices using the common wireless connection standard. The University’s Automated Systems Security Research Group discovered and detailed the problem by naming it “BrakTooth”. Researchers have discovered 16 new vulnerabilities, 20 common vulnerabilities or CVEs have been identified, and four have not yet been identified
The BrakTooth issue was found on 13 system-on-chip chips from 11 manufacturers , which are estimated to represent at least 1,400 trading assets. The vulnerabilities affect products from Intel, Qualcomm, Texas Instruments, Infineon Technologies (Cypress), and Silicon Labs, among others.
Product samples that use SoCs affected by BrakTooth include Microsoft Surface products, Dell desktops and laptops, Sony and Guangdong Oppo Mobile smartphones, Volvo automotive infotainment systems and audio products sold by Walmart.
The most critical, CVE-2021-28139 Vulnerability called ESP32 SoCs affects “Internet of Things” devices manufactured by Espressif Systems that are used in industrial automation, smart home devices, personal fitness devices and other devices. The vulnerability is the result of a lack of out-of-bounds control in the ESP32 Bluetooth directory, which allows an attacker to enter arbitrary code. An attack that takes advantage of the vulnerability could lead to data deletion or even take control of the device. Another vulnerability found in Intel AX200 Socs and Qualcomm WCN3900 SoCs allows denial of service attacks on laptops and smartphones.
Vulnerabilities are usually found in all types of devices and technologies, and Bluetooth exception in the past. The problem usually depends on manufacturer upgrades, which some companies are more willing than others. BrakTooth fits into the sample
The researchers communicated all their findings on BrakTooth to the manufacturers concerned, but only a few took action. According to The Record, only Espressif, Infineon and Shenzen Bluetrum Technology have released fix packs to address the vulnerabilities, while Texas Instruments has stated that it does not address the identified vulnerabilities.
Other manufacturers acknowledged the problem, but did not provide a release date, citing internal investigations into how each BrakTooth vulnerability affects their software package and product portfolio
Hardware, software, tests , curiosities and colorful news from the world of IT by clicking here
