BrakTooth Bluetooth vulnerability exposes millions of Windows and Android devices

Reading time icon 1 min. read


Readers help support MSpoweruser. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help MSPoweruser sustain the editorial team Read more

A large collection of vulnerabilities have been found in Bluetooth chipsets across a range of popular SoC OEMs including Intel, Qualcomm, Texas Instruments, Infineon (Cypress), Silicon Labs and others.

The group of hacks have been dubbed BrakTooth and their impact can range from simply crashing devices using specially crafted Bluetooth Link Manager Protocol packets to executing arbitrary code (CVE-2021-28139).

The hacks have been found on 13 boards from 11 vendors, but may affect as many as 1,400 chipsets.

Products impacted include laptops and desktops from Dell (Optiplex, Alienware), Microsoft Surface devices (Go 2, Pro 7, Book 3), and smartphones (e.g. Pocophone F1, Oppo Reno 5G).

Expressif, Infineon, and Bluetrum have released patches, while other OEMs are still investigating the issue.

If a patch is not available, security vendors advise disabling Bluetooth.

See the hack demoed below:

via Malwarebytes, BleepingComputer

User forum

0 messages