Detect vulnerable Bluetooth devices of all kinds
This set of vulnerabilities affects a large number of devices that have Bluetooth. In total they have listed more than 1,400 products that are affected by BrakTooth. We can highlight mobile phones, computers, audio devices such as speakers or headphones, keyboards, toys or home entertainment systems. But they also detected it in industrial systems.
But how can this problem affect us? Security researchers have found that it can lead to denial of service attacks by blocking device firmware. But they could even run arbitrary code on those affected computers.
However, they indicate that a user performing a BrakTooth attack would need a ESP32 development kit, a custom Link Manager Protocol firmware, and a computer to run the proof-of-concept tool.
Total there are 16 vulnerabilities that make up BrakTooth. However, there is one that worries security researchers above the rest: CVE-2021-28139. This is a bug that allows arbitrary code to be executed.
Specifically, this problem affects devices with an ESP32 SoC circuit, something that is especially present in Internet of Things devices to automate homes or also in industry. These devices have increased a lot in recent years, so we are talking about hundreds of thousands or millions of devices that could be affected around the world.
Only some devices have been patched
The security researchers behind this discovery say they contacted all the vendors who had vulnerable products to BrakTooth. However, they indicate that not all of them have been patched at the moment, so they continue to be vulnerable.
Therefore, many devices remain vulnerable to these problems. This makes an attacker able to exploit them, carry out denial of service attacks, execute remote code, etc. There are many security risks with Bluetooth and leaving devices unpatched is a major mistake.
From RedesZone we always recommend having all the devices correctly updated. It is important to have all the patches and security fixes released by the manufacturers themselves. This will help us reduce the risk of cyber attacks, but also always maintain optimal operation, with all the benefits that updates bring.
It must be borne in mind that the fact that the number of IoT devices that we have in our homes has increased inevitably makes security problems more present. It certainly tells us that we must take more precautions and avoid vulnerabilities of this type. Whenever possible we should apply whatever updates are available.