Security Researchers Identify Billions of Bluetooth Devices from Popular Vendors as Vulnerable to Hackers

By B.N. Frank

Last month, the NSA sent a stern warning to employers that allowing their employees to use Bluetooth, WiFi, and NFC connections was putting their businesses at risk for cybersecurity breaches.  More recently, security experts cited specific Bluetooth software used in laptops, smartphones, industrial, and “smart” Internet of Things (IoT) devices as being vulnerable.

From The Record:

Billions of devices impacted by new BrakTooth Bluetooth vulnerabilities

  • Academics found 16 vulnerabilities impacting the Bluetooth software stack of many popular SoC chipsets.
  • The same Bluetooth software stacks are also used in 1,400 chipsets, used in laptops, smartphones, industrial, and iOT devices.
  • The vulnerabilities can be used to crash, freeze, or take over vulnerable devices.

A team of security researchers has published details this week about a suite of 16 vulnerabilities that impact the Bluetooth software stack that ships with System-on-Chip (SoC) boards from several popular vendors.

The vulnerabilities, collectively known as BrakTooth, allow attackers to crash or freeze devices or, in the worst-case scenarios, execute malicious code and take over entire systems.

For their tests, researchers said they only examined the Bluetooth software libraries for 13 SoC boards from 11 vendors.

However, subsequent research found that the same Bluetooth firmware was most likely used inside more than 1,400 chipsets, used as the base for a wide assortment of devices, such as laptops, smartphones, industrial equipment, and many types of smart “Internet of Things” devices.

BrakTooth severity and impact varies per device

The number of affected devices is believed to be in the realm of billions, but the impact is different based on the device’s underlying SoC board and Bluetooth software stack.

The worst vulnerability part of the BrakTooth findings is CVE-2021-28139, which allows remote attackers to run their own malicious code on vulnerable devices via Bluetooth LMP packets.

According to the research team, CVE-2021-28139 affects smart devices and industrial equipment built on Espressif Systems’ ESP32 SoC boards, but the issue is bound to impact many of the other 1,400 commercial products some of which are bound to have reused the same Bluetooth software stack.

Read full article

Additionally, exposure to Bluetooth, cell phone (see 1, 2, 3), and/or wireless “Wi-Fi” radiation (see 1, 2, 3, 4, 5) is biologically harmful including to pets.

Activist Post reports regularly about Bluetooth and other unsafe technology.  For more information visit our archives and the following websites:

Image credit

Become a Patron!
Or support us at SubscribeStar
Donate cryptocurrency HERE

Subscribe to Activist Post for truth, peace, and freedom news. Follow us on Telegram, SoMee, HIVE, Flote, Minds, MeWe, Twitter, Gab, Ruqqus, and What Really Happened.

Provide, Protect and Profit from what’s coming! Get a free issue of Counter Markets today.

Activist Post Daily Newsletter

Subscription is FREE and CONFIDENTIAL
Free Report: How To Survive The Job Automation Apocalypse with subscription

Be the first to comment on "Security Researchers Identify Billions of Bluetooth Devices from Popular Vendors as Vulnerable to Hackers"

Leave a comment