If your device is acting weird, the first thing you might think is that you somehow might have gotten a virus or a bug in it. The majority of the time, though, whatever issues you’re having with your Bluetooth or gadget can be traced back to a bug or a malfunction and can be readily fixed.
But in today’s world, hackers can exploit a corrupted Bluetooth on the most popular SoCs on the market to lock, freeze, or take control of a wide variety of devices. Some manufacturers have turned a blind eye. A widespread security vulnerability puts us in danger in a linked society where we all use the same communication methods. Researchers have discovered a series of 16 vulnerabilities known as BrakTooth that affect billions of devices that use Bluetooth Classic (BT) for connection.
The vulnerabilities found were reported to the appropriate vendors. Several of them were already patched and the others are in the process of being replicated. In addition, Espressif System and Xiaomi have offered bug bounties for four of the BrakTooth vulnerabilities. According to a search of the Bluetooth listing, BrakTooth impacts about 1400 product listings. In the closed BT stack, BrakTooth reveals fundamental attack avenues.
BrakTooth is the result of combining two words: 1) Brak and 2) Tooth. Word Tooth refers to Bluetooth devices, and the word Brak is Norwegian and means “crash” in English. The BrakTooth family of vulnerabilities affects Bluetooth-enabled devices by crashing or deadlocking them regularly, with some resulting in more catastrophic effects such as arbitrary code execution.
Some of the devices affected by BrakTooth are:
A wide range of products, including laptops, cellphones, industrial equipment, automobiles, and smart gadgets, are being affected by Braktooth. The number of devices affected is estimated to be in the billions. However, the impact of BrakTooth varies depending on the SoC board mounted on the device and the Bluetooth software stack it uses.
The most critical problem (CVE-2021-28139) affects ESP32 SoCs, a set of low-cost, low-capability SoC microcontrollers with built-in Wi-Fi and twin-mode Bluetooth. Commonly found in IoT appliances, used in market automation, smart-home devices, specific health and fitness gadgets, and so forth.
The 2nd attack scenario can turn to DOS in laptops and smartphones. Researchers were able to accomplish this with the help of Intel AX200 SoCs and Qualcomm WCN3990 SoCs. One of the DoS problems (CVE-2021-34147), caused by a failure in the SoC to call allowed functions when it receives an invalid LMP timing precision response from a connected BT device.
BrakTooth is likely to affect many other items (beyond the 1400 entries found in the Bluetooth listing) because of the BT stack, commonly shared across multiple manufacturers. As a result, we recommend that manufacturers of BT system-on-chips (SoCs), BT modules, or BT end products test their BT stack implementation using the BrakTooth proof-of-concept (PoC) code.
Rogue Logics provides in-depth security services for the assessment and protection of your application, data, and infrastructure against potential threats on-prem or in the cloud.
Want a consultation with the professionals at Rogue Logics, contact us and get a free quote.