BrakTooth vulnerability is a name given to a set of 20 vulnerabilities that have been found to affect the Bluetooth stack of multiple vendors and companies. The vulnerability on these Bluetooth devices will enable attackers to cause Denial of service (DoS) attacks on the compromised laptops of Microsoft. Affected systems will either drop the Bluetooth connections or these devices will not be able to make use of the Bluetooth connections.
What Microsoft Surface devices are affected with the BrakTooth Bluetooth vulnerabilities?
As of writing this, the following models of Microsoft Surface devices are affected with BrakTooth Bluetooth vulnerability:
Surface Laptop 3
Surface Go 2
Surface Pro 7
Surface Book 3
Why are Microsoft Surface laptops affected with the BrakTooth vulnerability?
Microsoft surface devices listed above are affected because of the use of Intel AX200 chipset. The vulnerability lies in the Intel chipset. On account of this vulnerability, Microsoft’s Intel-provided Bluetooth driver number Windows – 22.40.0 is affected.
How does the BrakTooth vulnerability affected Microsoft Surface laptops?
The Singapore research team that detected the set of 20 vulnerabilities affecting the BlueTooth stack of multiple products and multiple vendors, mentioned this in their research paper for the vulnerability on Intel AX200 chipset:
sending an invalid packet during the LMP timing accuracy procedure (i.e. packet LMP_timing_acc_request), followed by a forced re-connection with the same BDAddress (any arbitrary BDAdress of choice of the attacker), leads Intel AX200 to reject any externally initiated BT connections for an undetermined amount of time. This persists even after the attack stops and requires user intervention to recover AX200 normal functionalities.
This lists only one possible way to attack the Bluetooth stack. You may read the full research paper to see how the Intel AX200 chipset is affected in a series of steps to cause disruption of the Bluetooth stack on the affected system.
What is the impact of BrakTooth vulnerability on Microsoft Surface laptops?
As per the research paper, the impact on Intel AX200 chipset based devices is mentioned below:
Once the attack is triggered and successful, the attacker can cause DoS via the following AX200 behaviours: (I) paging scan is disabled, which prevents any external device to connect to the target even if the BDAddress is known. This behaviour can be used to trick an user to connect to the attacker’s BT hardware instead of the legitimate target since AX200 paging scan is disabled; (II) Multiple active BT connections cannot be performed from the target. The user requires to manually restart the Bluetooth service to restore normal BT behaviour. On Linux and Windows, BT is recovered by disabling and enabling Bluetooth via their respective configuration menu.
In other words, the impact on the Surface laptops will be in terms of compromised BlueTooth stack. You will not be able to connect to BlueTooth devices from the Surface laptops. To restore functionality of Bluetooth, you may have to disable and then re-enable the Bluetooth on the Surface laptops.
The more significant impact could be in forcing the Bluetooth devices to connect to attacker’s hardware rather than the Surface laptops running on the Intel AX 200 chipset system.
What is the CVE number of the BrakTooth vulnerability that affects Microsoft Surface laptops?
Intel generates its own CVE numbers. Although the company was made aware of the vulnerable nature of the Intel AX200 chipset, the company has not listed the vulnerability under a CVE for reasons of company policy. Intel will publish the CVE number and details of the vulnerability after it has released the patch to fix the BT vulnerability on AX200 chipset.
As of now, Intel is developing the patch for the vulnerability. It expects to release the patch in October.
Summary –
The BrakTooth vulnerability affects multiple Microsoft Surface laptops of Microsoft. The vulnerability lies in the Intel AX200 chipset that is used on the Microsoft Surface laptops. As of now, we expect Intel to release a patch for the vulnerability in the month of October. Associated CVE details of the vulnerability will be updated once the fix for the vulnerability has been released by Intel.
Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.