H-ISAC TLP White Vulnerability Report BrakTooth Proof of Concept Tool Demonstrates Bluetooth Vulnerabilities

November 5, 2021

On November 1, 2021, researchers publicly released a BrakTooth proof-of-concept (PoC) tool to test Bluetooth-enabled devices against potential Bluetooth exploits using the researcher’s software tools. BrakTooth, originally disclosed in August 2021, is a family of security vulnerabilities in commercial Bluetooth stacks. An attacker could exploit BrakTooth vulnerabilities to cause a range of effects from denial-of-service to arbitrary code execution.

Health-ISAC previously distributed a regarding the breadth and criticality of the BrakTooth vulnerabilities as it affects over 1400 products, potentially impacting billions of devices.

CISA encourages manufacturers, vendors, and developers to review and update vulnerable Bluetooth System-on-a-Chip (SoC) applications or apply appropriate workarounds.

For help with Cybersecurity and Risk Advisory Services exclusively for AHA members, contact:

John Riggi

Senior Advisor for Cybersecurity and Risk, AHA

jriggi@aha.org

(O) +1 202 626 2272

More on John Riggi
Learn more about AHA's Cybersecurity and Risk Advisory Services

Key Resources

Related Resources

Special Bulletin
UPDATE: AHA and Health-ISAC Threat Advisory: FBI Advises No Specific Credible Threat Targeting Hospitals
Public
Special Bulletin
AHA and Health-ISAC Bulletin on Threat to Hospitals
Member
AHA Center for Health Innovation Market Scan
Rural Hospitals Move to Enhance Cybersecurity
Advancing Health Podcast
Critical Condition: Cybersecurity in Rural Hospitals with Microsoft Part 2
Advancing Health Podcast
Critical Condition: Cybersecurity in Rural Hospitals with Microsoft Part 1
Public
Guides/Reports
Change Healthcare Cyberattack Underscores Urgent Need to Strengthen Cyber Preparedness for Individual Health Care Organizations and as a Field
Public