BrakTooth vulnerability found to be affecting billions of Bluetooth devices

While many manufacturers have already patched the flaws in their products, some are in the process of investigating and producing fixes.

A security research group from the Singapore University of Technology and Design has found a set of new security vulnerabilities in Bluetooth modules found in billions of devices. The vulnerabilities, collectively known as BrakTooth, allow attackers to crash or freeze devices or, in the worst-case scenarios, execute malicious code and take over entire systems.Researchers said they only examined the Bluetooth software libraries for 13 SoC boards from 11 vendors for their tests.

The Bluetooth stacks found to be vulnerable are used in System-on-Chip (SoC) boards from various big-name manufacturers, including Qualcomm, Texas Instruments, and Silicon Labs. Many smartphones and laptops have been affected due to this security flaw. While many manufacturers have already patched the flaws in their products,some are in the process of investigating and producing fixes.

Texas Instruments has however told that it will consider producing a patch only if demanded by customers. Qualcomm has already patched the flaw in some of its devices, while some products are still pending. The researchers said that the vulnerabilities have already been reported to the respective vendors. Also, four of the BrakTooth vulnerabilities have received bug bounty from Espressif System and Xiaomi. As the BT stack is often shared across many products, probably, many other products (beyond the ≈1400 entries observed in Bluetooth listing) are affected by BrakTooth.