BrakTooth vulnerabilities put billions of devices at risk

The issues affect SoCs from a number of manufacturers, including Intel and Qualcomm.

A team of scientists from the Singapore University of Technology and Design has published details of more than a dozen vulnerabilities in the Bluetooth Classic protocol [BR/EDR] that can be used to perform various malicious actions, from initiating device failure to executing arbitrary code and taking control of an affected system.

The vulnerabilities, collectively known as BrakTooth, affect SoCs from a number of manufacturers, including Intel, Qualcomm, Texas Instruments, Infineon (Cypress), and Silicon Labs.

As part of the study, experts examined Bluetooth libraries supplied in 13 SoC systems from 11 vendors, but they believe that the scale of the problem is much larger, since the same firmware is used in more than 1,400 chips on which various devices operate, such as laptops, smartphones, industrial equipment, and IoT devices.

The most dangerous vulnerability is CVE-2021-28139, which allows remote execution of arbitrary code using Bluetooth LMP packets. The problem affects smart devices and industrial equipment using Espressif Systems ESP32 SoCs, the researchers said.

Using other vulnerabilities, an attacker can cause the Bluetooth service to malfunction on smartphones and laptops. Among the vulnerable devices, the experts list Microsoft Surface laptops, Dell desktops, as well as several models of smartphones based on Qualcomm chips.

According to them, carrying out such attacks requires Bluetooth equipment costing less than $15.

The team of scientists informed the manufacturers of the research results more than three months ago; however, only Espressif Systems, Infineon and Bluetrum have released the corresponding patches. Texas Instruments said it would not patch the vulnerabilities. The rest of the vendors are conducting their own investigations and have not yet announced exact dates for the release of fixes.

Want to learn how to work with cloud databases and take the DP-900 certification exam for free?

Take a two-day training session from Microsoft on October 25 and 26.

From Microsoft experts, you will learn about the key principles of Azure services, proven approaches, and the specifics of working with relational and non-relational data.

Sign up for the training while there is still time.

Women and minorities are more likely to be targets of cyberattacks than other people

Women are more likely than men to receive messages from unknown numbers containing potentially malicious links.

Demographics play a large role in how often people are victims of cybercrime. Low-income and vulnerable populations are disproportionately affected by cybercrime. According to the results of a poll of 5 thousand people in Germany, the UK and the US, conducted by experts from Malwarebytes, Digitunity and Cybercrime Support Network, minorities, as well as groups of people with low income and low educational level, are more likely to be victims of a cyber attack. Some groups are much more likely to face online threats.

For example, women are much more likely to receive text messages from unknown numbers containing potentially malicious links than men (79% versus 73%). Almost half (46%) of women said their social media accounts had been hacked, compared with 37% of men.

Social media accounts belonging to Black, Indigenous and People of Color (BIPOC) are more likely to be attacked than those of whites (45% versus 40%); BIPOC populations are also more likely to experience identity theft (21% versus 15%). In fact, only 47% of BIPOC respondents escaped financial consequences from cybercriminals' actions.

Age is also an important factor. 36% of people aged 65 and over have been victims of credit card information theft.

21% of women and 23% of BIPOC respondents experienced “significant” stress when faced with suspicious online activity.

According to the report, the statistics are linked to the overall sense of security (or lack thereof) in cyberspace. While half of all respondents do not feel secure online and 31% do not feel safe online, the numbers are different for women. Women feel the least private online (53% versus 47% of men) and the least secure (35% versus 27% of men).

Socioeconomic class also matters. People with higher incomes (51%) feel more secure online than people with lower incomes (40%). The same is true for educational attainment – users with the highest educational attainment feel more secure (48%) than those who graduated only from college (44%) or high school (40%).

The United States launched a program to replace Huawei and ZTE network equipment

The US government allocated $1.9 billion for the implementation of the program.

On Monday, September 28, the US Federal Communications Commission (FCC) announced the launch of a program to replace network equipment of telecom operators in rural areas. The government allocated $1.9 billion to implement the program, writes Reuters.

The program was approved in July 2021; applications for participation will open on October 29 and will be accepted until January 14, 2022. Its goal is to remove from the networks of American telecom operators equipment manufactured by Chinese companies recognized in the United States as a threat to national security, in particular Huawei and ZTE.

Last year, the FCC recognized Huawei and ZTE as a threat to national security, thereby depriving US companies of the ability to use the $8.3 billion government fund to buy equipment from them. In December, the FCC passed regulations requiring carriers using ZTE and Huawei equipment to “dispose of and replace” it.

The requirement is a big problem for telecom operators in rural areas, which do not have the financial means to purchase new equipment and find specialists able to carry out such a replacement.

The latest FCC ruling expands the program from telecom operators with 2 million or fewer subscribers to operators with 10 million or fewer subscribers.
