fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Bluetooth BrakTooth Bugs Could Affect Billions of Devices

Bluetooth BrakTooth Bugs Could Affect Billions of Devices

Vulnerabilities collectively referred to as BrakTooth are affecting Bluetooth stacks implemented on system-on-a-chip (SoC) circuits from over a dozen vendors.

The set of issues impact a wide variety of devices, from consumer electronics to industrial equipment. The associated risk ranges from denial-of-service, deadlock condition of the device to arbitrary code execution.

Wide variety of products impacted

Researchers from the Singapore University of Technology and Design have published details about BrakTooth – a new family of security vulnerabilities in commercial Bluetooth stacks.

They assessed 13 Bluetooth devices from close to a dozen SoC vendors counting Intel, Qualcomm, Texas Instruments, and Cypress.

BT SoC VendorBT SoCDev. Kit / ProductSample Code
Intel (BT 5.2)AX200Laptop Forge15-RN.A
Qualcomm (BT 5.2)WCN3990Xioami Pocophone F1N.A
Texas Instruments (BT 5.1)CC2564CCC256XCQFN-EMSPPDMMultiDemo
Zhuhai Jieli Technology (BT 5.1)AC6366CAC6366C_DEMO_V1.0app_keyboard
Cypress (BT 5.0)CYW20735B1CYW920735Q60EVB-01rfcomm_serial_port
 
Bluetrum Technology (BT 5.0)AB5301AAB32VG1Default
Zhuhai Jieli Technology (BT 5.0)AC6925CXY-WRBT ModuleN.A
Actions Technology (BT 5.0)ATS281XXiaomi MDZ-36-DBN.A
Zhuhai Jieli Technology (BT 4.2)AC6905XBT Audio ReceiverN.A
Espressif Systems (BT 4.2)ESP32ESP-WROVER-KITbt_spp_acceptor
Harman International (BT 4.1)JX25XJBL TUNE500BTN.A
Qualcomm (BT 4.0)CSR 8811Laird DVK-BT900-SAvspspp.server.at
Silabs (BT 3.0+HS)WT32iDKWT32I-Aai-6.3.0-1149

Digging deeper, the researchers discovered that more than 1,400 product listings are affected by BrakTooth, and the list includes but is not limited to the following types of devices:

  • Smartphones
  • Infotainment systems
  • Laptop and desktop systems
  • Audio devices (speakers, headphones)
  • Home entertainment systems
  • Keyboards
  • Toys
  • Industrial equipment (e.g. programmable logic controllers – PLCs)

Also Read: 5 Common Sections in an Agreement Form Example

Considering the variety of products affected, saying that BrakTooth affects billions of devices is likely an accurate estimation. 

The researchers say that the risk associated with the BrakTooth set of security flaws ranges from denial-of-service (DoS) by crashing the device firmware, or a deadlock condition where Bluetooth communication is no longer possible, to arbitrary code.

Someone pulling a BrakTooth attack would need an ESP32 development kit, a custom Link Manager Protocol (LMP) firmware, and a computer to run the proof-of-concept (PoC) tool.

BrakTooth attack scenario

Of the 16 BrakTooth vulnerabilities, one of them tracked as CVE-2021-28139 presents a higher risk than others because it allows arbitrary code execution.

It affects devices with an ESP32 SoC circuit, which is found in numerous IoT appliances for home or industry automation.

The researchers demonstrate the attack in the video below by changing the state of an actuator using an LMP Feature Response Extended packet:

Devices running on the AX200 SoC from Intel and Qualcomm’s WCN3990 SoC are vulnerable to a DoS condition triggered when sending a malformed packet.

The list of products impacted includes laptops and desktops from Dell (Optiplex, Alienware), Microsoft Surface devices (Go 2, Pro 7, Book 3), and smartphones (e.g. Pocophone F1, Oppo Reno 5G).

The researchers informed all vendors whose products they found to be vulnerable to BrakTooh ahead of the publication of their findings but only some of them have been patched.

Patch state of BrakTooth vulnerabilities affecting Bluetooth stack

Also Read: 10 Practical Benefits of Managed IT Services

The vulnerabilities in the Braktooth collection target the LMP and baseband layers. Currently, they’ve been assigned 20 identifiers with a few more pending, and refer to the following 16 issues:

  1. Feature Pages Execution (CVE-2021-28139 – arbitrary code execution/deadlock)
  2. Truncated SCO Link Request (CVE-2021-34144 – deadlock)
  3. Duplicated IOCAP (CVE-2021-28136 – crash)
  4. Feature Response Flooding (CVE-2021-28135, CVE-2021-28155, CVE-2021-31717 – crash)
  5. LMP Auto Rate Overflow (CVE-2021-31609, CVE-2021-31612 – crash)
  6. LMP 2-DH1 Overflow (pending CVE – deadlock)
  7. LMP DM1 Overflow (CVE-2021-34150 – deadlock)
  8. Truncated LMP Accepted (CVE-2021-31613 – crash)
  9. Invalid Setup Complete (CVE-2021-31611 – deadlock)
  10. Host Conn. Flooding (CVE-2021-31785 – deadlock)
  11. Same Host Connection (CVE-2021-31786 – deadlock)
  12. AU Rand Flooding (CVE-2021-31610, CVE-2021-34149, CVE-2021-34146, CVE-2021-34143 – crash/deadlock)

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us