Researchers find BrakTooth flaws affect billions of Bluetooth Devices


By MYBRANDBOOK


Researchers find BrakTooth flaws affect billions of Bluetooth Devices

According to news reports, Singapore University of Technology and Design researchers have revealed a family of 20 vulnerabilities, which they collectively dubbed BrakTooth, that affect more than 1,400 products based on 13 different Bluetooth devices sold by 11 of the world's leading vendors.

 

The security flaws were confirmed to affect 1,400 smartphones, laptops, keyboards, headphones, and other Bluetooth-enabled devices. But that's a minimum. BrakTooth can reportedly be exploited to conduct denial of service (DoS) attacks and enable arbitrary code execution (ACE) on target devices. DoS attacks can disrupt the victim's Bluetooth connection or, in some cases, require Bluetooth connectivity to be restarted manually. ACE can be used to erase user data, disable wireless connectivity, or interact with other devices.

 

BrakTooth only enables ACE on the ESP32 system on chip (SoC) made by Espressif Systems. The bad news: The ESP32 is commonly found in Internet of Things (IoT) devices as well as industrial systems. The SoC is so common that the researchers' proof of concept exploit actually uses an ESP32 development kit to conduct attacks on target devices.

 

The researchers said they disclosed BrakTooth to all of the affected vendors. Some companies have already released firmware patches to address the vulnerability, others are investigating the issue, and a few have said they don't plan to fix the flaw.

 

The researchers said they don't plan to publicly release the full proof of concept exploit until the end of October 2021 because that's when Intel is supposed to patch its devices. They did, however, release instructions for "a low-cost BT Classic (BR/EDR) Active Sniffer" that will use the proof of concept exploit when it's released.

 E-Magazine 
 VIDEOS  Placeholder image

Copyright www.mybrandbook.co.in @1999-2024 - All rights reserved.
Reproduction in whole or in part in any form or medium without express written permission of Kalinga Digital Media Pvt. Ltd. is prohibited.
Other Initiatives : www.varindia.com | www.spoindia.org