BrakTooth crashes devices. Are you at risk?

Cybersecurity experts at the Singapore University of Technology and Design have published a report on 16 identified vulnerabilities in Bluetooth software which pose a threat to billions of devices running on various platforms.

The list is called BrakTooth - from the Norwegian word brak (crash). It turns out that Bluetooth modules from manufacturers such as Intel, Qualcomm, Texas Instruments, Infineon, and Silicon Labs are under threat. The study revealed that the vulnerability affects over 1,400 chipsets which are used in laptops, smartphones, and Internet of Things gadgets. According to experts, the threat could affect billions of devices around the world.  The vulnerability was found on Dell computers, Microsoft Surface laptops, Pocophone, and OPPO smartphones.

BrakTooth vulnerabilities allow hackers to overload the device, disable it, and even initiate codes remotely. The most serious vulnerability on this list so far is CVE-2021-28139, which allows an outsider to send an LMP packet (link management protocol) to a device and run malicious codes.

The complete list of vulnerabilities and affected devices can be found on the website https://asset-group.github.io/disclosures/braktooth/

In order to gain access to a given device, the Bluetooth option must be enabled,  and so manufacturers of vulnerable devices recommend disabling the module. Expressif, Infineon, and Bluetrum promptly released an update to fix the problem, though other manufacturers have not yet put out public statements regarding when and how they plan to fix this error.