BrakTooth Bluetooth Vulnerabilities harming systems in 2022

Researchers have found various security bugs in the Bluetooth stack implemented on SoCs from multiple vendors. Named ‘BrakTooth,’ these Bluetooth weaknesses potentially expose billions of devices to issues like DoS and code execution.

BrakTooth Bluetooth Vulnerabilities

A group of security researchers from Singapore University has found various weaknesses, which they called ‘BrakTooth,’ in the Bluetooth Classic (BT) protocol that powers many devices.
They surveyed 13 Bluetooth devices from 11 distinct vendors and found more than 15 security bugs. Successful exploitation of these bugs can lead to arbitrary code execution, denial of service, or device deadlock (which is why the vulnerabilities were named after ‘Brak’, which means ‘crash’ in Norwegian).

The BrakTooth vulnerabilities affect Bluetooth devices from several well-known vendors, including Intel, Qualcomm, Zhuhai Jieli Technology, Cypress, Espressif Systems, Actions Technology, Texas Instruments, Bluetrum Technology, Harman International, and Silabs, among others.

The impacted devices running the vulnerable Bluetooth implementations range from mobile phones, desktops and laptops to keyboards, audio devices such as Bluetooth speakers and earbuds, other musical instruments, and smart home devices that are used on a daily basis.

Grajek, CEO of YouAttest, told a leading cybersecurity news outlet that adversaries are poring over attack surfaces looking for holes to sink their fangs into. Bluetooth is vulnerable, being “a mechanism with the most variants and thus cracks to exploit,” Grajek told the outlet over email.

To remain safe, it is advised to patch affected devices as soon as patches become available.

Furthermore, as suggested by both CISA and the FBI, another key measure is to apply the principle of least privilege and ensure that devices that could be compromised during an attack such as BrakTooth do not allow adversaries to damage the wider system.

The NIST recommendation is for all accounts, for example the Bluetooth administration account, to be “verified they are not conceded a lot of privilege to surpass the machine and extend attacks into the enterprise,” Grajek added.

Make it so, through access controls as well as “vigilant access certifications conducted on a timely basis,” he advised.

Note: This is an edited post.
