These Bluetooth security flaws could affect billions of devices

News
By Mayank Sharma
published

Vulnerabilities impact everything from speakers, home theaters, laptops, and even car infotainment systems

representational image of multiple devices
(Image credit: Shutterstock)

Cybersecurity researchers have shared details about a family of bluetooth vulnerabilities that were found on devices from about a dozen system-on-a-chip (SoC) vendors including Intel , Qualcomm, Texas Instruments, and Cypress.

Collectively referred to as BrakTooth, the security vulnerabilities in the commercial bluetooth stacks were unearthed by researchers from the Singapore University of Technology and Design. 

In their explanation, the researchers note that the vulnerabilities could be exploited for different types of attacks ranging from denial-of-service (DoS), to arbitrary code execution in certain Internet of Things (IoT) devices. 

TechRadar needs yo...

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> Click here to start the survey in a new window <<

“As of today, we have evaluated 13 BT devices from 11 vendors. We have discovered a total of 16 new security vulnerabilities, with 20 common vulnerability exposures (CVEs) already assigned and four vulnerabilities are pending CVE assignment from Intel and Qualcomm,” note the researchers. 

Widespread impact

According to the researchers, the affected bluetooth stacks can be found on all kinds of devices, from consumer electronics to industrial equipment. 

Their research revealed that BrakTooth affects over 1400 different product types including laptops, smartphones, audio equipment, home entertainment systems, automotive infotainment systems, and more.

While the researchers only say that the number of individual products affected by BrakTooth would be “an order of magnitude higher,” considering the prevalence of the vulnerabilities across vendors and device types, it wouldn’t be wrong to assume that billions of bluetooth devices would be impacted. 

“All the vulnerabilities are already reported to the respective vendors, with several vulnerabilities already patched and the rest being in the process of replication and patching,” share the researchers, even as they encourage all bluetooth device vendors to use their proof-of-concept code to test their products against BrakTooth.

Mayank Sharma
Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.