- 4 hrs ago Poco M4 Pro 5G With Up 6GB RAM Spotted At FCC; When Is It Launching?
- 6 hrs ago Honor Band 6 Selling At Just Rs. 2,499 At Flipkart: Should You Buy?
- 9 hrs ago Oppo Reno7 Key Specifications Revealed Via New Leak; Expected Price, Launch Date
- 9 hrs ago Nothing Phone Expected To Launch In Early 2022; Power (1) Power Bank Also Coming Soon
- News Syed Ali Shah Geelani's grandson dismissed from govt service for aiding terrorist activities in J&K
- Sports Leicester City 4-2 Manchester United: Red Devils collapse, Man City prevail
- Travel Rajasthan's Ten Best Winter Destinations
- Finance Now Conduct Debit Card Services At New Micro ATMs of This Bank: Here’s How
- Automobiles Top 5 Safest Cars In India: All of them are manufactured by Indian automobile manufacturers
- Movies Katrina Kaif Reviews Sardar Udham, Praises Rumoured Boyfriend Vicky Kaushal As 'Pure Talent'
- Lifestyle Sooryavanshi: All Set For Promotions, Katrina Kaif Looks Like A Dream In Her Floral Lehenga
- Education CBSE Class 10, 12 Term Exam Dates Tentative Announced, Check CBSE Class X, XII Date Sheet Release Details
BrakTooth Bluetooth Vulnerabilities: What Is It? How To Mitigate Risk?
Recently, security researchers revealed details about as many as 16 vulnerabilities that leave an impact on the Bluetooth software stack shipping with SoC (System-on-Chip) boards from popular vendors. These researchers hit the headlines in February 2020 as they disclosed the SweynTooth vulnerabilities. They have coined the current set of vulnerabilities BrakTooth.
As we saw earlier, BrakTooth affects leading SoC providers including Qualcomm, Intel, Texas Instruments, Silicon Labs, and Infineon (Cypress) and others. The chips that are vulnerable are said to be used by Microsoft Surface laptops, a slew of Qualcomm-based smartphone models, and Dell laptops.
However, these researchers claim that they examined only the Bluetooth software libraries for 13 SoC boards from across 11 vendors. Furthermore, they found that the same Bluetooth firmware was mostly used within over 1,400 chipsets as a base for a slew of devices including smartphones, laptops, industrial equipment and several types of smart IoT devices.
What's notable is that the impact of the vulnerability will not be the same for all these devices. Some devices can be crashed by sending LMP packets crafted for the purpose and recovered with a simple reboot. Other devices might let an attacker run a malicious code on vulnerable devices via BLMP packets. These packets are used by Bluetooth to set up and configure links to other devices.
The shocking news is that researchers believe that the BrakTooth vulnerability could have affected billions of devices across the world.
All BrakTooth Vulnerabilities
As per the complete technical details, 16 vulnerabilities are found on the dedicated BrakTooth website and are numbered from V1 to V16 alongside associated CVEs. The researchers note that all 11 vendors were notified months ago about the potential security issues and even before publishing these findings.
Bluetrum, Infineon, and Expressif have released their patches as well. As they received necessary information, other vendors acknowledged these findings but did not confirm a specific release date to rollout the security patch. They cited internal investigations on how the bugs of BrakTooth will impact their software stacks as well as product portfolios. Furthermore, Texas Instruments stated that they will not address the flaws that will impact their chipsets.
Computer Security Flaws
As per the listing in the Common Vulnerabilities and Exposures (CVE) database, the computer security flaws were disclosed publicly. It intends to make it easier to share data across individual vulnerability capabilities including databases, tools and services. In BrakTooth, the most serious vulnerability has been listed under CVE-2021-28139. It lets attackers in radio range trigger the execution of the arbitrary code along with a specially crafted payload.
While the serious vulnerability was found to impact smart devices and industrial equipment that was built on Expressif System's ESP32 SoC boards, the issue might impact as many as 1,400 commercial products that reuse the same Bluetooth software stack.
Migitigation Of BrakTooth Risk
The researchers emphasize that the lack of basis testing in Bluetooth certification to authenticate the security of BLE (Bluetooth Low Energy) devices is the reason for this. The BrakTooth family of vulnerabilities can revisit and reassert the issue but use Bluetooth Classic protocol implementations.
To mitigate the BrakTooth vulnerabilities, the best advice, for now, is the install patches and ask vendors about timely patches that aren't available. Also, it is important to disable Bluetooth on devices that do not require it. You can prevent attackers from sending malicious LMP packets with these patches. As BrakTooth vulnerability is based on Bluetooth Classic protocol, the attacker has to be within the radio range of the target, so make sure you enable Bluetooth only in safe environments