Cybersecurity investigators have discovered a new family of Bluetooth security flaws dubbed “BrakTooth,” whose vulnerabilities include denial of service (DoS) via firmware deadlocks and crashes, and arbitrary code execution (ACE).
How BrakTooth wreaks havoc on your Bluetooth-enabled devices
Thirteen Bluetooth devices from 11 vendors were evaluated in the study. The researchers discovered 16 new security holes within the Bluetooth protocol as well as 20 Common Vulnerabilities and Exposures (CVEs). Some of the affected chipsets come from SoC manufacturers such as Intel, Qualcomm, Texas Instruments and Cypress.
BrakTooth is as vicious as it sounds. It sinks its teeth into the integrity of the Bluetooth protocol, leaving consumers vulnerable to cybercriminal attacks. As mentioned, one of the potential consequences of BrakTooth is a DoS attack, in which an ill-intentioned actor shuts down a machine or network and renders it inaccessible to users. According to the study, an attacker can use a malicious paging technique that “exhausts” Bluetooth-supported SoCs, which can affect connectivity and trigger firmware crashes. Researchers discovered DoS vulnerabilities in laptops and smartphones that are equipped with Intel AX200 and Qualcomm WCN3990 SoCs.
One of the most critical security flaws investigators unearthed is an arbitrary code execution attack. This means that some devices are susceptible to receiving malicious commands from a cybercriminal, allowing attackers to take complete control over the system. Researchers discovered arbitrary code execution attacks in Wi-Fi and Bluetooth IoT devices in markets such as smart home, fitness, industry automation and more.
The study revealed that BrakTooth’s impact is widespread, affecting 1,400 different product categories, including audio equipment, smartphones, laptops and more. Thankfully, the researchers say that all the vulnerabilities were reported to the respective vendors, and the flaws are already patched or in the process of being fixed.