Security researchers at the Singapore University of Technology and Design have found as many as 16 vulnerabilities in commercially used Bluetooth stack implementations. Millions of laptops, speakers and IoT devices could be affected.
Huge security vulnerabilities
Commercially used Bluetooth stack implementations are affected by a whopping 16 security vulnerabilities, collectively named “BrakTooth”, according to a report by several security researchers at the Singapore University of Technology and Design.
According to the researchers, these allow denial-of-service attacks that can completely cripple the affected devices or completely disable their Bluetooth connection. One vulnerability even allows remote code execution, which lets an attacker run different software on the affected devices.
As part of the investigation, the researchers looked at 13 Bluetooth chips from 11 different manufacturers that had corresponding security vulnerabilities. Since many end devices use the same Bluetooth chips, the researchers assume that at least 1,400 products are affected. These include, for example, notebooks, smartphones, IoT devices and speakers – meaning that several million end devices could be affected in total.
Patch deployment is slow
To exploit the vulnerabilities, an attacker only needs to be near the vulnerable device. All that is needed besides is a “cheap ESP32 development kit” with specific firmware and a PC running a tool. The report adds that no pairing or prior authentication needs to be performed in advance.
However, the research team clarifies that not every device using an affected Bluetooth chipset would necessarily be affected. Nevertheless, the Bluetooth connectivity of corresponding end devices could be significantly impaired.
The researchers plan to make a tool available at the end of October that can be used to execute the exploits. So far, this is only available to manufacturers, who can use it to detect and eliminate the corresponding security vulnerabilities.
Espressif Systems, Infineon and Bluetrum have already succeeded in counteracting the problems with the help of security patches. According to the researchers, the security team at Texas Instruments has given feedback that they would only offer a patch if this was explicitly requested by the customers. Most manufacturers have simply not responded to the team’s request so far.