Security News > 2021 > September > New BrakTooth Flaws Leave Millions of Bluetooth-enabled Devices Vulnerable
A set of new security vulnerabilities has been disclosed in commercial Bluetooth stacks that could enable an adversary to execute arbitrary code and, worse, crash the devices via denial-of-service attacks.
Collectively dubbed "BrakTooth", the 16 security weaknesses span across 13 Bluetooth chipsets from 11 vendors such as Intel, Qualcomm, Zhuhai Jieli Technology, and Texas Instruments, covering an estimated 1,400 or more commercial products, including laptops, smartphones, programmable logic controllers, and IoT devices.
Arising due to a lack of an out-of-bounds check in the library, the flaw enables an attacker to inject arbitrary code on vulnerable devices, including erasing its NVRAM data.
A last collection of flaws discovered in Bluetooth speakers, headphones, and audio modules could be abused to freeze and even completely shut down the devices, requiring the users to manually turn them back on.
Troublingly, all the aforementioned BrakTooth attacks could be carried out with a readily available Bluetooth packet sniffer that costs less than $15. While Espressif, Infineon, and Bluetrum Technology have released firmware patches to rectify the identified vulnerabilities, Intel, Qualcomm, and Zhuhai Jieli Technology are said to be investigating the flaws or in the process of readying security updates.
The ASSET group has also made available a proof-of-concept tool that can be used by vendors producing Bluetooth SoCs, modules, and products to replicate the vulnerabilities and validate against BrakTooth attacks.