Researchers have found Bluetooth vulnerabilities that affect at least 1,400 commercial products, from laptops, smartphones, and IoT devices to commercial aircraft and heavy trucks. Unfortunately, some vendors, including Qualcomm and Texas Instruments, do not plan to fix all bugs.
That is according to a team at the Singapore University of Technology and Design and the Singapore Agency for Science, Technology and Research, who call their joint discoveries “BrakTooth” and have set up a website that explains everything.
We won’t go into the technical details, but suffice it to say that there are at least 16 different bugs affecting at least 13 different systems-on-a-chip (SoCs) or chipsets from at least 11 different manufacturers, including Intel, Cypress / Infineon, Harman International, Espressif, Silicon Labs, and the aforementioned Qualcomm and Texas Instruments.
The bugs can cause software crashes and communications breakdowns, and in some cases allow arbitrary code to run – that is, hacking.
The researchers provided a video showing an attack that crashed a pair of JBL Tune 500 headphones.
The exact attack methods won’t be made public until October 31st to give vendors more time to deploy patches, but manufacturers can ask researchers for private disclosure to test their devices.
“All vulnerabilities … can be triggered without prior pairing or authentication,” says the research paper.
The flaws affect “classic” Bluetooth, i.e. Bluetooth versions 1.0 to 3.0. They do not affect Bluetooth Low Energy (BLE), also called Bluetooth 4.0 to 5.2, which is fundamentally different. However, almost all BLE-compatible devices are also compatible with earlier forms of Bluetooth, which makes those devices vulnerable.
Affected Devices
The devices that the researchers tested themselves and that have proven to be vulnerable include, in addition to the JBL headphones, a Xiaomi Pocophone F1 smartphone, a Xiaomi MDZ-36-DB Bluetooth speaker and several development kits with almost a dozen SoCs.
The researchers found that around 1,400 different devices use the vulnerable SoCs, including the Microsoft Surface Book 3, Surface Go 2, Surface Laptop 3, and Surface Pro 7; the Dell Optiplex 5070 desktop PC, the Alienware m17 R3 gaming laptop, and “many more” Dell PCs; the Sony Xperia XZ2 and Oppo Reno 5G CH1921 smartphones; an Ericsson home entertainment hub used by professional installers; at least two, but probably “many more”, Walmart onn-branded Bluetooth speakers; a Panasonic soundbar; the infotainment systems of some light and commercial aircraft and some heavy trucks from Volvo; and at least two industrial devices.
“Since the BT stack is often shared by many products, it is very likely that many other products (apart from the 1400 entries in the Bluetooth list) are affected by BrakTooth,” the researchers write.
Patch status
Three companies have already released patches for the bugs, including Espressif and Cypress / Infineon, the researchers said. Intel and Qualcomm are developing patches while other vendors examine the research.
Unfortunately, because few of these companies make end-user products, in most cases device manufacturers have to incorporate the patches into their own firmware updates and then distribute them to consumers.
Not all vendors seem to be cooperating. The researchers said Harman International and Silicon Labs “barely communicated with the team and the status of their investigation is unclear at best”.
Meanwhile, Texas Instruments has “successfully replicated” the security issue, but “will only consider patching if requested by customers.”
Qualcomm is fixing one bug, as mentioned above, but the situation is more complicated with another. That bug has already been fixed on the latest version of one chipset, but Qualcomm “has no plan” to fix it on older versions, and it cannot be fixed on another chipset due to insufficient disk space.