BrakTooth Proof of Concept Tool Demonstrates Bluetooth Vulnerabilities

On November 1, 2021, researchers publicly released a BrakTooth proof-of-concept (PoC) tool to test Bluetooth-enabled devices against potential Bluetooth exploits using the researcher’s software tools. BrakTooth—originally disclosed in August 2021—is a family of security vulnerabilities in commercial Bluetooth stacks. An Read More …

Norwegian student tracks Bluetooth headset wearers by wardriving around Oslo on a bicycle

A Norwegian student who went wardriving around Oslo on a pushbike has discovered that several popular models of Bluetooth headphones don’t implement MAC address randomisation – meaning they can be used to track their wearers. Norwegian state broadcaster NRK revealed Read More …

Bluetooth Bugs Open Billions of Devices to DoS, Code Execution

Researchers have disclosed a group of 16 different vulnerabilities collectively dubbed BrakTooth, which impact billions of devices that rely on Bluetooth Classic (BT) for communication. According to an academic paper from the University of Singapore, the bugs are found in Read More …

NSA Issues Guidance on Securing Wireless Devices in Public Settings

FORT MEADE, Md. – NSA released the Cybersecurity Information Sheet, “Securing Wireless Devices in Public Settings” today to help National Security System (NSS), Department of Defense (DoD), and Defense Industrial Base (DIB) teleworkers identify potential threats and minimize risks to Read More …

Bluetooth flaws allow attackers to impersonate legitimate devices

Attackers could abuse vulnerabilities discovered in the Bluetooth Core and Mesh Profile specifications to impersonate legitimate devices during the pairing process and launch man-in-the-middle (MitM) attacks. The Bluetooth Core and Mesh Profile specifications define requirements needed by Bluetooth devices to Read More …

Google, Intel Warn on ‘Zero-Click’ Kernel Bug in Linux-Based IoT Devices

Google and Intel are warning of a high-severity flaw in BlueZ, the Linux Bluetooth protocol stack that provides support for core Bluetooth layers and protocols to Linux-based internet of things (IoT) devices. According to Google, the vulnerability affects users of Read More …

Billions of devices vulnerable to new ‘BLESA’ Bluetooth security flaw

Billions of smartphones, tablets, laptops, and IoT devices are using Bluetooth software stacks that are vulnerable to a new security flaw disclosed over the summer. Named BLESA (Bluetooth Low Energy Spoofing Attack), the vulnerability impacts devices running the Bluetooth Low Read More …