BrakTooth vulnerability impacts Bluetooth devices

Security researchers have revealed a set of vulnerabilities, collectively known as BrakTooth, that affect Bluetooth stacks in SoCs from more than 12 different vendors. BrakTooth affects a wide range of devices, including consumer electronics and some industrial equipment. The vulnerabilities open the door to several attacks, including denial of service and arbitrary code execution.

The BrakTooth vulnerabilities were discovered by researchers from Singapore University of Technology and Design. The researchers investigated 13 Bluetooth devices from multiple SoC vendors, including Intel, Qualcomm, Texas Instruments, and Cypress. The hardware containing the Bluetooth stacks is used in more than 1400 products.

Product types that use the vulnerable SoCs include, among others, smartphones, vehicle infotainment systems, PCs, speakers, headphones, home theater systems, keyboards, toys, and some programmable logic controllers used in industrial equipment. Researchers estimate that BrakTooth could impact billions of devices.

To exploit the BrakTooth vulnerabilities, an attacker would need an ESP32 development kit, customized Link Manager Protocol firmware, and a computer. The most severe of the 16 known BrakTooth vulnerabilities is tracked as CVE-2021-28139. It is more severe than the others because it allows arbitrary code execution.

The researchers put together a demonstration showing arbitrary code execution via Bluetooth. Intel's AX200 SoC and the WCN3990 are vulnerable to a denial of service attack carried out by sending a specially modified packet. A wide range of laptop and desktop computers and some smartphones are vulnerable to that attack. At this time, patches are available for a few of the vulnerable devices, but most of the vulnerabilities have no fix or have fixes that are still in progress.