
BrakTooth security vulnerabilities: Millions of Bluetooth devices could be affected

Security researchers at the Singapore University of Technology and Design have found as many as 16 vulnerabilities in commercially used Bluetooth stack implementations. Millions of laptops, speakers and IoT devices could be affected.

Huge security vulnerabilities

Commercially used Bluetooth stack implementations are affected by a whopping 16 security vulnerabilities, collectively named “BrakTooth”, according to a report by several security researchers at the Singapore University of Technology and Design.

According to the researchers, these allow denial-of-service attacks that can completely cripple the affected devices and completely disable the Bluetooth connection. One vulnerability even allows remote code execution, which lets an attacker run different software on the affected devices.

As part of the investigation, the researchers looked at 13 Bluetooth chips from 11 different manufacturers that had corresponding security vulnerabilities. Since many end devices use the same Bluetooth chips, they assume that at least 1,400 products are affected. These include, for example, notebooks, smartphones, IoT devices and speakers – meaning that several million end devices could be affected in total.

Patch deployment is slow

To exploit the vulnerabilities, an attacker only needs to be near the vulnerable device. Beyond that, all that is needed is a “cheap ESP32 development kit” with specific firmware and a PC running a tool. According to the report, pairing or prior authentication does not need to be performed in advance.

However, the research team clarifies that not every device using an affected Bluetooth chipset would necessarily be affected. Nevertheless, the Bluetooth connectivity of corresponding end devices could be significantly impaired.

The researchers plan to make a tool available at the end of October that can be used to execute the exploits. So far, this is only available to manufacturers, who can use it to detect and eliminate the corresponding security vulnerabilities.

Espressif Systems, Infineon and Bluetrum have already succeeded in counteracting the problems with the help of security patches. According to the researchers, the security team at Texas Instruments has given feedback that it would only offer a patch if customers explicitly requested one. Most manufacturers have simply not responded to the team’s request so far.

Simon Lüthje

I am co-founder of this blog and am very interested in everything that has to do with technology, but I also like to play games. I was born in Hamburg, but now I live in Bad Segeberg.
