Discovery of BrakTooth vulnerabilities by Assistant Professor Sudipta Chattopadhyay, SUTD ASSET Research Group
Discovery of BrakTooth vulnerabilities by Assistant Professor Sudipta Chattopadhyay, SUTD ASSET Research Group
Researchers from the Singapore University of Technology and Design (SUTD) released 16 new security vulnerabilities, with the codename BrakTooth (https://www.braktooth.com), affecting a wide range of Bluetooth classic (BR/EDR) implementations. The report, done in collaboration with the Institute for Infocomm Research (I2R), Agency for Science, Technology and Research (A*STAR), was led by Assistant Professor Sudipta Chattopadhyay (https://sudiptac.bitbucket.io/) from SUTD’s ASSET (Automated Systems SEcuriTy) Research Group (https://asset-group.github.io/). The details of the news can be found on SUTD website: https://www.sutd.edu.sg/Research/Research-News/2021/9/bluetooth-security-vulnerabilities-braktooth
The above discovery has got some excellent coverage and response worldwide, which the research group believe is a breakthrough from the earlier SweynTooth discovery (https://istd.sutd.edu.sg/research/highlights/pushing-the-state-of-the-art-for-over-the-air-fuzzing/). Some of the most important coverage include:
WIRED: https://www.wired.com/story/braktooth-bluetooth-whatsapp-fine-omg-cable/
PC Mag Magazine: https://sea.pcmag.com/security/45801/braktooth-vulnerabilities-affect-countless-bluetooth-devices
Hacker News: https://thehackernews.com/2021/09/new-braktooth-flaws-leave-millions-of.html
Malwarebytes: https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/09/braktooth-bluetooth-vulnerabilities-crash-all-the-devices/
Register: https://www.theregister.com/2021/09/01/braktooth_vulnerabilities_put_bluetooth_users/
Bleeping Computer: https://www.bleepingcomputer.com/news/security/bluetooth-braktooth-bugs-could-affect-billions-of-devices/
Threatpost (Kaspersky): https://threatpost.com/bluetooth-bugs-dos-code-execution/169159/
Heise online: (an important medium in Germany) https://www.heise.de/news/Braktooth-Neue-Bluetooth-Luecken-bedrohen-unzaehlige-Geraete-6180540.html (German)
German Federal Office for Information Security alert: https://www.bsi.bund.de/SharedDocs/Warnmeldungen/DE/TW/2021/09/warnmeldung_tw-t21-0163.html?nn=520060