AL2021_24 New Vulnerability Leave Millions of Bluetooth- enabled Devices Vulnerable (6th September 2021)

On the 2nd of September 2021, Ravie Lakshmanan reported a new Bluetooth vulnerability that was discovered by a research group named Automated Systems Security (ASSET) from the Singapore University of Technology and Designed (SUTD).

Summary.

A set of new Bluetooth vulnerabilities have been discovered in a commercial Bluetooth stack that can enable an attacker to carry out arbitrary code that can crash devices via denial-of-service attacks.

How it works

The vulnerability works without any previous pairing of the Bluetooth devices, however, the vulnerability can be classified into two groups, which are crashes and deadlocks. The crash vulnerability triggers a lethal assertion by segmentation of faults due to a buffer or heap overflow within the system-on-a-chip (SoC) firmware. Whereby, deadlocks guide the target device to a condition in which no continuous Bluetooth communication is possible.

For further information on this vulnerability, kindly follow the URL:

https://asset-group.github.io/disclosures/braktooth/

Remediation

To safeguard against such attacks, Bluetooth users are asked to check for firmware patches for the type of devices they used, and the chipset embedded unto their devices.

The Guyana National CIRT recommends that users and administrators review this alert and apply it where necessary.

PDF Download: Vulnerability Leave Millions of Bluetooth enabled Devices Vulnerable.pdf

References

New BrakTooth flaw in Bluetooth devices (2nd September 2021). Retrieved from “thehackernews”.

https://thehackernews.com/2021/09/new-braktooth-flaws-leave-millions-of.html

New BrakTooth flaw in Bluetooth devices (n.d). Retrieved from Asset-Group.

https://asset-group.github.io/disclosures/braktooth/