Published: May 23, 2022 on our newsletter Security Fraud News & Alerts Newsletter.
Those of us who love using Bluetooth for a wireless connection to our devices know how freeing it can be. No wires are needed to connect, allowing us to do things like dance to music without being tethered to a device. That is, until BrakTooth made itself known to security professionals and users worldwide. The word “Brak” is Norwegian and translates to “crash” in English. This family of vulnerabilities affect Bluetooth enabled devices by making them continuously crash or deadlock, and worse. BrakTooth also enables bad actors to execute arbitrary code on a Bluetooth device or crash the device using denial-of-service (DoS) attacks.
Researchers find BrakTooth enables 16 security vulnerabilities across 13 Bluetooth chipsets from 11 vendors like Qualcomm, Intel, and Texas Instruments. They affect 1,400 or more products like smartphones, laptops, and IoT (Internet of Things) devices. What BrakTooth means for everyday users at the very least is the disruption of our beloved Bluetooth services, but there’s more to it than that.
Of the 16 BrakTooth bugs discovered, the most effective is found in Bluetooth-based consumer appliances ranging from electronics to industrial equipment, and is known as CVE-2021-28139. Hackers use it to attack vulnerable devices by injecting arbitrary code and erasing NVRAM (non-volatile random-access memory) data. NVRAM is memory that’s responsible for storing data whether the power is turned on or off.
Keeping BrakTooth Out Of Our Bluetooth
Those who say BrakTooth is winning the fight against Bluetooth may not know there are steps we can take to reduce our vulnerability. Checking with the device manufacturer to see if there’s a security patch available for BrakTooth is recommended. Go directly to that company’s website, rather than clicking links that may pop up at seemingly random times. If a fix is available, download it immediately. Another option is turning off Bluetooth connectivity when it’s not in use. A hacker depends on that connection to be effective, so when it’s turned off BrakTooth has no other way to enter a device.
So, connect to your favorite Bluetooth device and enjoy using it untethered. But do it as safely as you can!
Keep up to date: Sign up for our Fraud alerts and Updates newsletter
Want to schedule a conversation? Please email us at advisor@nadicent.com