Found vulnerabilities in Bluetooth of multiple Windows / Android products such as Microsoft 'Surface' series
Singapore Technical Design for Bluetooth vulnerability 'BrakTooth ' affecting at least 1400 models of home appliances and industrial products such as Microsoft '
ASSET Research Group: BrakTooth
https://asset-group.github.io/disclosures/braktooth/
Billions of devices impacted by new BrakTooth Bluetooth vulnerabilities --The Record by Recorded Future
https://therecord.media/billions-of-devices-impacted-by-new-braktooth-bluetooth-vulnerabilities/
BrakTooth Bluetooth vulnerability exposes millions of Windows and Android devices --MSPoweruser
https://mspoweruser.com/braktooth-bluetooth-vulnerability-exposes-millions-of-windows-and-android-devices/
The newly reported BrakTooth is a general term for 16 types of vulnerabilities inherent in the Bluetooth software stack used in 13 types of SoCs manufactured by 11 companies, and 1400 models such as notebook PCs, smartphones, industrial equipment, and IoT devices. It is expected to affect the above. The 16 vulnerabilities named BrakTooth have different severities and impacts, but the worst of them, CVE-2021-28139, is remotely implemented in the ESP32 firmware via Bluetooth LMP packets. The research team is calling on vendors to take immediate action because they can perform any function they have.
Below is a video of a Bluetooth headphone crashing using the 'CVE-2021-28135', 'CVE-2021-28155', and 'CVE-2021-31717' classified as BrakTooth.
BrakTooth --Feature Response Flooding on Audio Products --YouTube
Typical devices affected by BrakTooth are Microsoft 'Surface Laptop 3', 'Surface Go 2', ' Surface Pro 7 ', ' Surface Book 3 ', Dell ' Optimix 5070 ', 'Alienware M17 R3', and Sony 'Xperia'. XZ2 ', Oppo' Reno 5G CH1921 ', Panasonic' Sound Bar SC-HTB100 'etc. Some in-vehicle multimedia electronic control units, infotainment systems, and flight audio systems are equipped with SoCs that are affected by BrakTooth, and Volvo's truck ' Volvo FH ' is also said to be affected. increase.
Prior to this announcement, the research team reportedly notified 11 companies that manufacture the SoC that BrakTooth has, of which Espressif Systems, Infineon, Bluetrum Technology have released patches, Intel, Qualcomm, Zhuhai Jieli Technology, Actions Technology is currently supported. In addition, Espressif System and Xiaomi have presented prizes from their bug bounty program. A proof-of-concept tool for BrakTooth will be released at the end of October 2021 when Intel and others finish distributing patches.
Related Posts:
