The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning related to a proof-of-concept exploit targeting BrakTooth, a group of vulnerabilities that can be found in many common Bluetooth devices, months after the security flaws were initially disclosed to the public.
Researchers at the Singapore University of Technology and Design revealed the BrakTooth vulnerabilities in September. They said at the time that more than 1,400 devices—including smartphones, laptops, and headsets, among others—were affected by the security flaws. Altogether, BrakTooth was said to affect at least 13 common Bluetooth stacks from 11 leading vendors.
The researchers also said they wouldn’t publish a proof-of-concept exploit until late October because they wanted to give those vendors time to release patches for their products. (Or, for people who own products featuring Bluetooth devices that Qualcomm and Texas Instruments said they wouldn’t patch, time to find something that won’t suffer from these vulnerabilities.)
That proof of concept was published on Nov. 1. The researchers also said that Samsung, MediaTek, and Airoha confirmed that some of their Bluetooth chips are affected by BrakTooth, although none of the companies named specific products. All three companies were added to the table the researchers are using to keep track of vendors’ responses to these flaws.
“An attacker could exploit BrakTooth vulnerabilities to cause a range of effects from denial-of-service to arbitrary code execution,” CISA says. “CISA encourages manufacturers, vendors, and developers to review BRAKTOOTH: Causing Havoc on Bluetooth Link Manager and update vulnerable Bluetooth System-on-a-Chip (SoC) applications or apply appropriate workarounds.”
But there aren’t many official patches for BrakTooth at the time of writing. There are 16 entries on the table used to track vulnerable devices: two won’t be patched, five are marked “investigation in progress,” two are marked “patch in progress,” three are marked “TBA,” and four have a patch available for download. That means most affected devices remain vulnerable to attack.