A joint research team between the Singapore Polytechnic Design University and the Singapore Institute of Science and Technology has announced the discovery of BrakTooth, a set of Bluetooth vulnerabilities that affects at least 1,400 models of home appliances and industrial products, including the Microsoft Surface Laptop 3, Surface Go 2, and Dell Alienware m17 R3.
BrakTooth is a collective name for 16 vulnerabilities in the Bluetooth software stacks used in 13 SoCs manufactured by 11 companies. It is believed to affect more than 1,400 models, including laptops, smartphones, and industrial and IoT devices. The 16 BrakTooth vulnerabilities differ in severity and impact, but CVE-2021-28139, regarded as the worst among them, makes it possible to invoke any function implemented in the ESP32 firmware through remote Bluetooth LMP packets, and the team is calling for a response.
Devices affected by BrakTooth include the Microsoft Surface Laptop 3, Surface Go 2, Surface Pro 7, Surface Book 3, Dell Optiplex 5070, Alienware M17 R3, and Sony Xperia XZ2. Some vehicle multimedia electronic control units, infotainment systems, and flight audio systems are also equipped with affected SoCs, and the Volvo FH truck is affected as well.
Before this announcement, the research team notified the 11 companies that manufacture SoCs affected by BrakTooth. Of these, Infineon, Bluetrum Technology, and Espressif Systems have released patches, and Intel, Qualcomm, Zhuhai EL Technology, and Action Technology are currently addressing the issue. Espressif Systems and Xiaomi also offered prizes through their bug bounty programs. The BrakTooth proof-of-concept tool will be released at the end of October 2021, when Intel completes its patch distribution. Related information can be found here.