Cybersecurity (opens in new tab) researchers have shared details about a family of bluetooth vulnerabilities that were found on devices from about a dozen system-on-a-chip (SoC (opens in new tab)) vendors including Intel (opens in new tab) , Qualcomm, Texas Instruments, and Cypress.
Collectively referred to as BrakTooth, the security vulnerabilities in the commercial bluetooth stacks were unearthed by researchers from the Singapore University of Technology and Design.
In their explanation (opens in new tab), the researchers note that the vulnerabilities could be exploited for different types of attacks ranging from denial-of-service (DoS), to arbitrary code execution in certain Internet of Things (IoT (opens in new tab)) devices.
- These are the best endpoint protection tools (opens in new tab)
- Check our list of the best firewall apps and services (opens in new tab)
- Here's our choice of the best malware removal (opens in new tab) software on the market
“As of today, we have evaluated 13 BT devices from 11 vendors. We have discovered a total of 16 new security vulnerabilities, with 20 common vulnerability exposures (CVEs) already assigned and four vulnerabilities are pending CVE assignment from Intel and Qualcomm,” note the researchers.
Widespread impact
According to the researchers, the affected bluetooth stacks can be found on all kinds of devices, from consumer electronics to industrial equipment.
Their research revealed that BrakTooth affects over 1400 different product types including laptops (opens in new tab), smartphones (opens in new tab), audio equipment (opens in new tab), home entertainment systems, automotive infotainment systems, and more.
While the researchers only say that the number of individual products affected by BrakTooth would be “an order of magnitude higher,” considering the prevalence of the vulnerabilities across vendors and device types, it wouldn’t be wrong to assume that billions of bluetooth devices would be impacted.
“All the vulnerabilities are already reported to the respective vendors, with several vulnerabilities already patched and the rest being in the process of replication and patching,” share the researchers, even as they encourage all bluetooth device vendors to use their proof-of-concept code to test their products against BrakTooth.
- Protect your devices with these best antivirus software (opens in new tab)