BrakTooth Bluetooth vulnerability exposes millions of Windows and Android devices

September

6

A large collection of vulnerabilities have been found in Bluetooth chipsets across a range of popular SoC OEMs including Intel, Qualcomm, Texas Instruments, Infineon (Cypress), Silicon Labs and others.

The group of hacks have been dubbed BrakTooth and their impact can range from simply crashing devices using specially crafted Bluetooth Link Manager Protocol packets to executing arbitrary code (CVE-2021-28139).

The hacks have been found on 13 boards from 11 vendors, but may affect as many as 1,400 chipsets.

Products impacted include laptops and desktops from Dell (Optiplex, Alienware), Microsoft Surface devices (Go 2, Pro 7, Book 3), and smartphones (e.g. Pocophone F1, Oppo Reno 5G).

Expressif, Infineon, and Bluetrum have released patches, while other OEMs are still investigating the issue.

If a patch is not available, security vendors advise disabling Bluetooth.

See the hack demoed below:

YouTube player

via Malwarebytes, BleepingComputer

Leave a Reply

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}