HC3 TLP White: Analyst Note: BrakTooth Vulnerabilities September 23, 2021

Executive Summary

The BrakTooth vulnerabilities came on the radar on August 31, 2021, after being discovered by the ASSET (Automated Systems Security) Research Group at the Singapore University of Technology and Design (SUTD). They are described as a new family of security vulnerabilities found in commercial Bluetooth Classic stacks for various System-on-Chips (SoCs). BrakTooth uses the Bluetooth Classic (BR/EDR) protocol and affects millions of Bluetooth-enabled devices manufactured by Intel, Qualcomm, Texas Instruments, Infineon (Cypress), Zhuhai Jieli Technology, and Silicon Labs.
This is a concern to the US Healthcare industry because Bluetooth devices are used in various essential roles and tampering with these devices could result in adverse consequences.

Report

BrakTooth vulnerabilities pose a threat to the Healthcare and Public Health (HPH) sector: researchers say the risk associated with the BrakTooth set of security flaws ranges from denial of service (DoS), either by crashing the device firmware or by causing a deadlock condition in which Bluetooth communication is no longer possible, to arbitrary code execution. This is a new family of security vulnerabilities affecting Bluetooth stacks implemented on system-on-a-chip (SoC) circuits.
