A set of vulnerabilities called BrakTooth puts millions of Bluetooth devices at risk around the world. The problem affects a wide variety of devices used by home users, as well as industrial equipment. The security risks vary, as we will see, but they could allow an attacker to take control of an affected device.
Vulnerable Bluetooth devices of all kinds detected
This set of vulnerabilities affects a large number of devices that have Bluetooth. In total, more than 1,400 products have been listed as affected by BrakTooth. They include mobile phones, computers, audio devices such as speakers or headphones, keyboards, toys and home entertainment systems. The vulnerabilities were also detected in industrial systems.
But how can this problem affect us? Security researchers have found that it can lead to denial-of-service attacks by blocking the device firmware. It could even allow arbitrary code to run on affected devices.
However, the researchers indicate that anyone carrying out a BrakTooth attack would need an ESP32 development kit, custom Link Manager Protocol firmware, and a computer to run the proof-of-concept tool.
In total, 16 vulnerabilities make up BrakTooth. One of them worries security researchers more than the rest: CVE-2021-28139, a bug that allows arbitrary code to be executed.
Specifically, this problem affects devices with an ESP32 SoC, which is especially common in Internet of Things devices used for home automation and in industry. The number of these devices has grown a lot in recent years, so we are talking about hundreds of thousands or millions of devices that could be affected around the world.
Only some devices have been patched
The security researchers behind this discovery say they contacted all vendors whose products were vulnerable to BrakTooth. However, they indicate that not all of those products have been patched so far, so they remain vulnerable.
Many devices are therefore still exposed to these problems. An attacker could exploit them to carry out denial-of-service attacks, execute code remotely, and so on. Bluetooth carries many security risks, and leaving devices unpatched is a major mistake.
We always recommend keeping all devices properly updated. It is important to install all the patches and security fixes released by the manufacturers. This helps reduce the risk of cyber attacks and also keeps devices working optimally, with all the benefits that updates provide.
Bear in mind that the growing number of IoT devices in our homes inevitably makes security problems more common. It means we must take more precautions and avoid vulnerabilities of this type. Whenever possible, we should apply whatever updates are available.