By B.N. Frank
Last month, the NSA sent a stern warning to employers that allowing their employees to use Bluetooth, WiFi, and NFC connections was putting their businesses at risk for cybersecurity breaches. More recently, security experts cited specific Bluetooth software used in laptops, smartphones, industrial, and “smart” Internet of Things (IoT) devices as being vulnerable.
From The Record:
Billions of devices impacted by new BrakTooth Bluetooth vulnerabilities
- Academics found 16 vulnerabilities impacting the Bluetooth software stack of many popular SoC chipsets.
- The same Bluetooth software stacks are also used in 1,400 chipsets, used in laptops, smartphones, industrial, and IoT devices.
- The vulnerabilities can be used to crash, freeze, or take over vulnerable devices.
A team of security researchers has published details this week about a suite of 16 vulnerabilities that impact the Bluetooth software stack that ships with System-on-Chip (SoC) boards from several popular vendors.
The vulnerabilities, collectively known as BrakTooth, allow attackers to crash or freeze devices or, in the worst-case scenarios, execute malicious code and take over entire systems.
For their tests, researchers said they only examined the Bluetooth software libraries for 13 SoC boards from 11 vendors.
However, subsequent research found that the same Bluetooth firmware was most likely used inside more than 1,400 chipsets, used as the base for a wide assortment of devices, such as laptops, smartphones, industrial equipment, and many types of smart “Internet of Things” devices.
BrakTooth severity and impact vary per device
The number of affected devices is believed to be in the realm of billions, but the impact is different based on the device’s underlying SoC board and Bluetooth software stack.
The worst vulnerability part of the BrakTooth findings is CVE-2021-28139, which allows remote attackers to run their own malicious code on vulnerable devices via Bluetooth LMP packets.
According to the research team, CVE-2021-28139 affects smart devices and industrial equipment built on Espressif Systems’ ESP32 SoC boards, but the issue is bound to impact many of the other 1,400 commercial products, some of which are bound to have reused the same Bluetooth software stack.
Activist Post reports regularly about Bluetooth and other unsafe technology. For more information visit our archives and the following websites:
- Electromagnetic Radiation Safety
- Environmental Health Trust
- Physicians for Safe Technology
- Wireless Information Network