Security researchers have identified a set of vulnerabilities, referred to as BrakTooth, that affect the Bluetooth stack in system-on-chip (SoC) circuits from more than 12 vendors. These vulnerabilities have a wide-ranging impact: they can affect consumer electronics as well as industrial equipment. BrakTooth vulnerabilities enable several attacks, including denial of service and arbitrary code execution.
Researchers from the Singapore University of Technology and Design discovered the BrakTooth vulnerabilities. For their investigation they used 13 Bluetooth devices from various SoC vendors, such as Qualcomm, Intel, Cypress, and Texas Instruments. The hardware with these Bluetooth stacks is used in 1400 or more products. Products that use the vulnerable SoCs include smartphones, PCs, vehicle infotainment systems, toys, headphones, speakers, home theatre systems, keyboards, and some of the programmable logic controllers used in industrial equipment.
From the investigation, the researchers noted that BrakTooth can impact billions of devices. To exploit the vulnerabilities, an attacker needs an ESP32 development kit, a customized Link Manager Protocol firmware, and a computer. CVE-2021-28139 is tracked as the most severe of the 16 known BrakTooth vulnerabilities because it allows arbitrary code execution.
The researchers also demonstrated the vulnerability by showing arbitrary code execution via Bluetooth. Intel’s AX200 SoC and WCN3990 were vulnerable to a denial of service attack, which was carried out by sending a specially modified packet. Many devices, such as laptops, desktop computers, and smartphones, were vulnerable to this attack. Patches were available for some of the vulnerable devices, but most of the vulnerabilities either cannot be fixed or were still in the process of being fixed.