Discovery of BrakTooth vulnerabilities by Assistant Professor Sudipta Chattopadhyay, SUTD ASSET Research Group – Information Systems Technology and Design (ISTD)

Discovery of BrakTooth vulnerabilities by Assistant Professor Sudipta Chattopadhyay, SUTD ASSET Research Group – Information Systems Technology and Design (ISTD)

DATE
06 Sep 2021

Researchers from the Singapore University of Technology and Design (SUTD) released 16 new security vulnerabilities, with the codename BrakTooth (https://www.braktooth.com), affecting a wide range of Bluetooth classic (BR/EDR) implementations. The report, done in collaboration with the Institute for Infocomm Research (I2R), Agency for Science, Technology and Research (A*STAR), was led by Assistant Professor Sudipta Chattopadhyay (https://sudiptac.bitbucket.io/) from SUTD’s ASSET (Automated Systems SEcuriTy) Research Group (https://asset-group.github.io/). The details of the news can be found on SUTD website: https://www.sutd.edu.sg/Research/Research-News/2021/9/bluetooth-security-vulnerabilities-braktooth

 

The above discovery has got some excellent coverage and response worldwide, which the research group believe is a breakthrough from the earlier SweynTooth discovery (https://istd.sutd.edu.sg/research/highlights/pushing-the-state-of-the-art-for-over-the-air-fuzzing/). Some of the most important coverage include:

 

WIRED: https://www.wired.com/story/braktooth-bluetooth-whatsapp-fine-omg-cable/
PC Mag Magazine: https://sea.pcmag.com/security/45801/braktooth-vulnerabilities-affect-countless-bluetooth-devices
Hacker News: https://thehackernews.com/2021/09/new-braktooth-flaws-leave-millions-of.html
Malwarebytes: https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/09/braktooth-bluetooth-vulnerabilities-crash-all-the-devices/
Register: https://www.theregister.com/2021/09/01/braktooth_vulnerabilities_put_bluetooth_users/
Bleeping Computer: https://www.bleepingcomputer.com/news/security/bluetooth-braktooth-bugs-could-affect-billions-of-devices/
Threatpost (Kaspersky): https://threatpost.com/bluetooth-bugs-dos-code-execution/169159/
Heise online: (an important medium in Germany) https://www.heise.de/news/Braktooth-Neue-Bluetooth-Luecken-bedrohen-unzaehlige-Geraete-6180540.html (German)
German Federal Office for Information Security alert: https://www.bsi.bund.de/SharedDocs/Warnmeldungen/DE/TW/2021/09/warnmeldung_tw-t21-0163.html?nn=520060