BrakTooth: security researchers reveal 16 serious Bluetooth flaws affecting billions of devices


Security researchers from the Singapore University of Technology and Design have disclosed a new family of security vulnerabilities in commercial Bluetooth stacks used in billions of devices. Collectively known as BrakTooth, the vulnerabilities pose a range of risks including remote code execution and denial of service (DoS) via crashes and deadlocks.

The Bluetooth stacks found to be vulnerable are used in System-on-Chip (SoC) boards from various big-name manufacturers including Qualcomm, Texas Instruments and Silicon Labs; numerous Microsoft products are also affected, including Surface Pro 7, Surface Laptop 3, Surface Book 3 and Surface Go 2.

The ASSET (Automated Systems Security) Research Group says that the 16 vulnerabilities include 20 CVEs as well as four which are still awaiting CVE assignment. Preliminary research shows that BrakTooth afflicts at least 1,400 individual products, but as the Bluetooth stack is often shared across many products, it is likely that this figure is actually much higher.

While a number of manufacturers have already patched the flaws in their products and others are in the process of investigating and producing fixes, this is not true of all companies. Texas Instruments, for instance, says that it "will consider producing a patch only if demanded by customers". Qualcomm has patched the flaws in some of its own affected devices, but there are some vulnerable products which it has no plan to patch.

The researchers say:

All the vulnerabilities are already reported to the respective vendors, with several vulnerabilities already patched and the rest being in the process of replication and patching. Moreover, four of the BrakTooth vulnerabilities have received bug bounty from Espressif System and Xiaomi. An exploration on Bluetooth listing reveals that BrakTooth affects over 1400 product listings. BrakTooth exposes fundamental attack vectors in the closed BT stack. As the BT stack is often shared across many products, it is highly probable that many other products (beyond the ≈1400 entries observed in Bluetooth listing) are affected by BrakTooth.

The impact of the vulnerability varies greatly between devices. The threat of Arbitrary Code Execution in IoT devices is one of the greatest concerns, however.

In a video, the ASSET Research Group demonstrates Arbitrary Code Execution on the ESP32 SoC.

Full details of the researchers' findings are available here.
