BrakTooth Bluetooth Vulnerabilities: What Is It? How To Mitigate Risk?

By Abhinaya Prabhu, 2021-09-09

Recently, security researchers revealed details about as many as 16 vulnerabilities that affect the Bluetooth software stack shipped with SoC (System-on-Chip) boards from popular vendors. The same researchers made headlines in February 2020 when they disclosed the SweynTooth vulnerabilities. They have named the current set of vulnerabilities BrakTooth.

BrakTooth affects leading SoC providers including Qualcomm, Intel, Texas Instruments, Silicon Labs, Infineon (Cypress) and others. The vulnerable chips are said to be used in Microsoft Surface laptops, a slew of Qualcomm-based smartphone models, and Dell laptops.

However, the researchers say that they examined only the Bluetooth software libraries for 13 SoC boards from 11 vendors. They also found that the same Bluetooth firmware was, for the most part, used in over 1,400 chipsets that serve as a base for a slew of devices including smartphones, laptops, industrial equipment and several types of smart IoT devices.

Notably, the impact of the vulnerabilities is not the same for all these devices. Some devices can be crashed by sending LMP packets crafted for the purpose, and can be recovered with a simple reboot. Other devices might let an attacker run malicious code on them via Bluetooth LMP (Link Manager Protocol) packets. These packets are used by Bluetooth to set up and configure links to other devices.

The shocking news is that researchers believe that the BrakTooth vulnerability could have affected billions of devices across the world.

All BrakTooth Vulnerabilities

The complete technical details of the 16 vulnerabilities are available on the dedicated BrakTooth website, where they are numbered from V1 to V16 alongside their associated CVEs. The researchers note that all 11 vendors were notified about the potential security issues months ago, before these findings were published.

Bluetrum, Infineon, and Espressif have released their patches. Having received the necessary information, the other vendors acknowledged the findings but did not confirm a specific release date for rolling out a security patch. They cited internal investigations into how the BrakTooth bugs will impact their software stacks as well as their product portfolios. Furthermore, Texas Instruments stated that it will not address the flaws that impact its chipsets.

Computer Security Flaws

The flaws are listed in the Common Vulnerabilities and Exposures (CVE) database, which catalogs publicly disclosed computer security flaws. It is intended to make it easier to share data across separate vulnerability capabilities, including databases, tools and services. The most serious BrakTooth vulnerability is listed under CVE-2021-28139. It lets attackers within radio range trigger the execution of arbitrary code with a specially crafted payload.

While this serious vulnerability was found to impact smart devices and industrial equipment built on Espressif Systems' ESP32 SoC boards, the issue might impact as many as 1,400 commercial products that reuse the same Bluetooth software stack.

Mitigation Of BrakTooth Risk

The researchers emphasize that the lack of basic testing in Bluetooth certification to verify the security of BLE (Bluetooth Low Energy) devices is the reason for this. The BrakTooth family of vulnerabilities revisits and reasserts the issue, this time in Bluetooth Classic protocol implementations.

To mitigate the BrakTooth vulnerabilities, the best advice, for now, is to install the available patches and ask vendors about timelines for patches that aren't available yet. It is also important to disable Bluetooth on devices that do not require it. With these patches, you can prevent attackers from sending malicious LMP packets. As the BrakTooth vulnerabilities are based on the Bluetooth Classic protocol, the attacker has to be within radio range of the target, so make sure you enable Bluetooth only in safe environments.

