Cybersecurity specialists announced the release of a proof of concept (PoC) exploit to test the security of multiple Bluetooth enabled devices and their efficiency against System-on-a-Chip (SoC) failures, present in devices from manufacturers such as Intel, Qualcomm, Cypress and Texas Instruments.
It is estimated that this set of vulnerabilities, nicknamed “BrakTooth”, resides in about 1,400 Bluetooth chips, used in all kinds of smart devices, including smartphones, tablets, hearing aids, smart speakers and others.
In this regard, the Cybersecurity and Infrastructure Security Agency (CISA) recommended that manufacturers address these failures, since the availability of a PoC exploit considerably increases the possibilities of exploitation in the wild.
CISA also asked tech companies and developers to verify the details of reported failures, due to the possibility of massive exploitation of SoC bugs in exposed Bluetooth systems.
On exploiting BrakTooth flaws, the Agency notes that a successful attack would allow threat actors to deploy denial of service (DoS) attacks, lock device firmware, and even arbitrary code execution, depending on the affected system.
As if that were not enough, hackers looking to exploit these flaws would only require an ESP32 board, available for less than $20 USD, in addition to a custom firmware sample and a computer capable of running the PoC.
Some of the manufacturers have already begun updating their affected products, although CISA notes that due to the large number of affected implementations, the complete patching of these devices could take months.
To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.
