Researchers have made available attack code and a proof-of-concept tool for testing Bluetooth devices against security issues in System-on-a-Chip (SoC) chips from Intel, Texas Instruments, Qualcomm, and Cypress.
These 16 faults, collectively known as BrakTooth, affect commercial Bluetooth stacks on over 1,400 chipsets, which are used in billions of devices including smartphones, IoT devices, PCs, toys, music devices, and industrial equipment.
On Thursday, CISA advised vendors to patch these flaws following security researchers developed a proof-of-concept tool to test Bluetooth devices against BrakTooth attacks.
According to the government agency, manufacturers and developers were also urged to evaluate the vulnerability information revealed by researchers in August and “upgrade susceptible Bluetooth System-on-a-Chip (SoC) applications or apply suitable workarounds.”
“BrakTooth—originally disclosed in August 2021—is a family of security vulnerabilities in commercial Bluetooth stacks. An attacker could exploit BrakTooth vulnerabilities to cause a range of effects from denial-of-service to arbitrary code execution,” CISA writes.
Depending on the susceptible SoC used in the targeted device, the effect of the BrakTooth flaws ranges from denial-of-service (DoS) by crashing the device firmware or freezes via deadlock scenarios that impede Bluetooth connectivity to arbitrary code execution that can lead to total takeover.
Threat actors would only need an off-the-shelf ESP32 board that costs less than $15, modified Link Manager Protocol (LMP) firmware, and a computer to execute the proof-of-concept (PoC) tool to launch a BrakTooth operation.
Though some vendors have already released security fixes to address the BrakTooth flaws, it will take months for all unpatched devices to receive them. In other situations, suppliers are still looking into the problems, are working on a solution, or haven’t made an announcement about their patch status.
CISA encourages all impacted to review BRAKTOOTH: Causing Havoc on Bluetooth Link Manager and update vulnerable Bluetooth SoC applications or use workarounds.
