Security researchers revealed a group of vulnerabilities collectively referred to as BrakTooth as impacting Bluetooth stacks that are a part of SoC circuits from 12 different vendors. BrakTooth vulnerabilities impact a good range of devices, including consumer electronics devices and a few industrial types of equipment. The vulnerability opens the door to many attacks, including denial of service and, therefore, the ability to execute arbitrary code.
The BrakTooth vulnerability was discovered by researchers from the Singapore University of Technology and style. University researchers investigated 13 Bluetooth devices from multiple SoC vendors, including Intel, Qualcomm, Texas Instruments, and Cypress. The hardware containing the Bluetooth stacks is utilized in quite 1400 products.
Just a couple of the merchandise types that the vulnerable SoCs are utilized in include smartphones, vehicle infotainment systems, PCs, speakers, headphones, home theatre systems, keyboards, toys, and a few programmable logic controllers utilized in industrial equipment. Researchers estimate that BrakTooth could impact billions of devices.
To exploit the BrakTooth vulnerability, the attacker would wish the ESP32 development kit, customized Link Manager Protocol firmware, and a computer. The foremost severe of the 16 known BrakTooth vulnerabilities is being tracked as CVE-2021-28139. that specific vulnerability is more severe than others because it allows arbitrary code execution.
Intel’s AX200 SoC and, therefore, the WCN3990 are susceptible to a denial of service attack implemented by sending a specially modified packet. A good range of laptop and desktop computers and a few smartphones are susceptible to that attack. There are patches available for a couple of the vulnerable devices, but most of the vulnerabilities haven’t any fixed or have ongoing fixes. The researchers did put together an indication of the vulnerability showing arbitrary code execution via Bluetooth.