- 1 hr ago Tecno Phantom X2 Pro Vs Realme 10 Pro Plus: Display, Specs, Features, Compared
- 1 hr ago Nokia C12 With Unisoc Octa-core Processor, Android 12 Go Launched: Specifications, Price
- 17 hrs ago OnePlus 11R Secures BIS Certification And Pops-Up On CQC: Launch In India Confirmed?
- 18 hrs ago Tecno Spark Go 2023 India Launch Imminent: Price, Images, Specifications Leaked
- Education Preparation tips and Strategy to crack the NIFT entrance examination 2023
- Sports Ishan Kishan wants to make most of middle order opportunity
- Finance This Government Bank is Offering 8.05% Interest on FD for Senior Citizens- Check Here.
- Lifestyle Why Babies Spit Up: What Causes It? How To Reduce Spitting Up?
- Automobiles Auto Expo 2023 Ended With 6.36 Lakh Visitors – A New Record
- Movies Bigg Boss 16: EX Jhalak Winner Thinks Shiv Thakare Did Right By Taking Priyanka’s Name, Says ‘Finale Aagaya…’
- News Relief from severe cold wave in Delhi; 13 trains running late due to fog in north India
- Travel Mayan Settlements: A 2000 Year Old Town Found Underneath Guatemala Rainforest
BrakTooth Bluetooth Vulnerabilities: What Is It? How To Mitigate Risk?
Recently, security researchers revealed details about as many as 16 vulnerabilities that leave an impact on the Bluetooth software stack shipping with SoC (System-on-Chip) boards from popular vendors. These researchers hit the headlines in February 2020 as they disclosed the SweynTooth vulnerabilities. They have coined the current set of vulnerabilities BrakTooth.
As we saw earlier, BrakTooth affects leading SoC providers including Qualcomm, Intel, Texas Instruments, Silicon Labs, and Infineon (Cypress) and others. The chips that are vulnerable are said to be used by Microsoft Surface laptops, a slew of Qualcomm-based smartphone models, and Dell laptops.
However, these researchers claim that they examined only the Bluetooth software libraries for 13 SoC boards from across 11 vendors. Furthermore, they found that the same Bluetooth firmware was mostly used within over 1,400 chipsets as a base for a slew of devices including smartphones, laptops, industrial equipment and several types of smart IoT devices.
What's notable is that the impact of the vulnerability will not be the same for all these devices. Some devices can be crashed by sending LMP packets crafted for the purpose and recovered with a simple reboot. Other devices might let an attacker run a malicious code on vulnerable devices via BLMP packets. These packets are used by Bluetooth to set up and configure links to other devices.
The shocking news is that researchers believe that the BrakTooth vulnerability could have affected billions of devices across the world.
All BrakTooth Vulnerabilities
As per the complete technical details, 16 vulnerabilities are found on the dedicated BrakTooth website and are numbered from V1 to V16 alongside associated CVEs. The researchers note that all 11 vendors were notified months ago about the potential security issues and even before publishing these findings.
Bluetrum, Infineon, and Expressif have released their patches as well. As they received necessary information, other vendors acknowledged these findings but did not confirm a specific release date to rollout the security patch. They cited internal investigations on how the bugs of BrakTooth will impact their software stacks as well as product portfolios. Furthermore, Texas Instruments stated that they will not address the flaws that will impact their chipsets.
Computer Security Flaws
As per the listing in the Common Vulnerabilities and Exposures (CVE) database, the computer security flaws were disclosed publicly. It intends to make it easier to share data across individual vulnerability capabilities including databases, tools and services. In BrakTooth, the most serious vulnerability has been listed under CVE-2021-28139. It lets attackers in radio range trigger the execution of the arbitrary code along with a specially crafted payload.
While the serious vulnerability was found to impact smart devices and industrial equipment that was built on Expressif System's ESP32 SoC boards, the issue might impact as many as 1,400 commercial products that reuse the same Bluetooth software stack.
Migitigation Of BrakTooth Risk
The researchers emphasize that the lack of basis testing in Bluetooth certification to authenticate the security of BLE (Bluetooth Low Energy) devices is the reason for this. The BrakTooth family of vulnerabilities can revisit and reassert the issue but use Bluetooth Classic protocol implementations.
To mitigate the BrakTooth vulnerabilities, the best advice, for now, is the install patches and ask vendors about timely patches that aren't available. Also, it is important to disable Bluetooth on devices that do not require it. You can prevent attackers from sending malicious LMP packets with these patches. As BrakTooth vulnerability is based on Bluetooth Classic protocol, the attacker has to be within the radio range of the target, so make sure you enable Bluetooth only in safe environments