Researchers at the Singapore University of Technology and Design have recently discovered a family of 20 vulnerabilities that they have collectively labelled as BrakTooth. This affects more than 1,400 products based on 13 different Bluetooth devices from various major brands.
According to the researchers (Via PCMag), the security flaw has been confirmed to affect over 1,400 smartphones, laptops, keyboards, headphones, and other Bluetooth enabled devices. Although, the researchers claimed that this is just a low ball figure as “the BT stack is often shared across many products,” and that “it is highly probable that many other products (beyond the ≈1400 entries observed in Bluetooth listing) are affected by BrakTooth.”
This series of vulnerabilities can apparently be exploited to conduct denial of service (DoS) attacks and enable arbitrary code execution (ACE) on target devices. These DoS attacks can disrupt the victim’s Bluetooth connection or could even require Bluetooth connectivity to be manually restarted to function normally again. Furthermore, ACE can also be used to erase user data, disable wireless connectivity, or interact with other devices as well.
As of right now, BrakTooth is only capable of enabling ACE on the ESP32 system on chip (SoC) made by Espressif Systems. Although, these chips are commonly found in IoT products as well as industrial systems. The researchers noted that this SoC is so common that proof of concept exploit actually uses an ESP32 development kit to conduct attacks on target devices. At the moment, the researchers have informed the various top vendors of this exploit and certain companies have already released firmware patches to fix the vulnerabilities while others are investigating the issue.
RELATED:
- Tim Cook blames app side oading for Android having more malware than iOS
- EA suffers a Data Breach, with hackers now selling FIFA 21 source code
- Over 1 million Gamers exposed to hackers by known Android game developer from China
