A new Bluetooth vulnerability has been discovered, and it exposes billions of devices to hacks, including many Android devices. Malwarebytes and Bleeping Computer report that the issue has been found in the Bluetooth chip firmware produced by a number of SoC manufacturers.
Unfortunately, the list of SoC manufacturers contains some of the most popular ones, including Qualcomm, Silicon Labs, Intel, Texas Instruments, and more… 11 in total.
Bluetooth vulnerability ‘BrakTooth’ affects billion of devices
This vulnerability is called ‘BrakTooth’. Vulnerable chips are used by Microsoft Surface laptops, Dell desktops, and several Qualcomm-based smartphone models, it has been reported.
Do note that researchers only examined the Bluetooth software libraries from 13 SoC boards from 11 vendors. The same Bluetooth firmware was most likely used inside over 1,400 chipsets from different vendors. It was used in devices such as smartphones, laptops, IoT devices, audio devices, keyboards, toys, and many more.
The BrakTooth website details 16 vulnerabilities that can be found. It is also noted that 11 SoC vendors were notified about this issue over 90 days ago, before the publishing of these findings. Not all vulnerabilities have been patched, though.
It is said that BrakTooth security flaws “range from denial-of-service (DoS) by crashing the device firmware, or deadlock condition where Bluetooth communication is no longer possible, to arbitrary code”.
In order for someone to take advantage of this vulnerability, it would need an ESP32 development kit, a custom Link Manager Protocol (LMP) firmware, and a computer to run the proof-of-concept (PoC) tool.
Researchers did demonstrate a possible attack
The researchers even decided to demonstrate such an attack, just to give you an idea of what you’re dealing with. The demonstration has been filmed, and uploaded to YouTube. That video has been embedded below the article.
It’s never good to see such vulnerabilities, but at least some of them have been patched. Several others are in the process of being patched, while some are under investigation. You can take a look at the table below for more information regarding that.