It seems that security researchers from the Singapore University of Technology and Design have noticed Bluetooth is not the most secure system around. The Intel AX200 WiFi is an affected unit along with some Qualcomm hardware.
As of today, we have evaluated 13 BT devices from 11 vendors. We have discovered a total of 16 new security vulnerabilities, with 20 common vulnerability exposures (CVEs) already assigned and four (4) vulnerabilities are pending CVE assignment from Intel and Qualcomm.
The researchers have uncovered arbitrary code execution which can be used to harm machines.
Representing an estimated 1,400 or more commercial products, including Microsoft’s Surface Pro 7, Surface Laptop 3, Surface Book 3, and Surface Go 2 and the Volvo FH infotainment system, the BrakTooth vulnerabilities are claimed to expose “fundamental attack vectors in the closed BT [Bluetooth] stack.”
Given how pervasive Bluetooth is this could be very bad news for consumers. Since BrakTooth is based on the Bluetooth Classic protocol, an adversary would have to be in the radio range of the target to execute the attacks. As such, secured facilities should have a lower risk as compared to public areas (assuming no insiders within secured facilities).
Machines with soldered logic are especially vulnerable as parts cannot be easily swapped.
Read more about this threat the BrakTooth site.
TAKE CHARGE OF SECURITY
NASA recently ran a security audit in May 2021. This audit found that during the last four years, NASA had experienced more than 6,000 cyber incidents, and 1,785 in 2020 alone. The NASA experience should warn everyone not to take security for granted.
Keep Windows updated.