Millions of smartphones, laptops, trucks, planes affected by new Bluetooth flaws — what you need to know
Serious flaws have been found in a dozen Bluetooth hardware modules used worldwide
Researchers have found Bluetooth security flaws affecting at least 1,400 different models of commercial products ranging from laptops, smartphones and IoT devices to commercial aircraft and heavy trucks. The number of affected devices may run into the tens of millions. Unfortunately, some vendors, including Qualcomm and Texas Instruments, don't plan to fix all the flaws.
So says the team from the Singapore University of Technology and Design and Singapore's Agency for Science, Technology and Research, who call their collective discoveries "BrakTooth" and have put up a website explaining it all.
- Hundreds of thousands of home Wi-Fi routers under attack — what to do
- Here are the best Bluetooth speakers
- Plus: Cyberpunk 2077’s Xbox Series X and PS5 updates could slip to 2022
We're not going to delve into the technical details, but suffice it to say there are at least 16 different flaws affecting at least 13 different systems-on-a-chip (SoCs) or chipsets made by at least 11 different manufacturers, among them Intel, Cypress/Infineon, Harman International, Espressif, Silicon Labs and the aforementioned Qualcomm and Texas Instruments.
The flaws could cause software crashes and communications freezes, and could in some cases permit arbitrary code execution — i.e., hacking.
Here's a video provided by the researchers showing an attack that crashes a pair of JBL Tune 500 headphones.
The exact methods of attack will not be publicly disclosed until Oct. 31 to give vendors more time to deploy patches, but manufacturers can ask the researchers for private disclosure in order to test their devices.
"All the vulnerabilities ... can be triggered without any previous pairing or authentication," notes the research paper.
Sign up to get the BEST of Tom's Guide direct to your inbox.
Get instant access to breaking news, the hottest reviews, great deals and helpful tips.
The flaws affect "classic" Bluetooth, i.e. Bluetooth versions 1.0 through 3.0. They do not affect Bluetooth Low Energy (BLE), also called Bluetooth 4.0 through 5.2, which is fundamentally different. However, almost all BLE-compatible devices are compatible with earlier forms of Bluetooth, rendering the devices vulnerable.
Affected devices
In addition to the JBL headphones, devices that the researchers tested themselves and were proven to be vulnerable included a Xiaomi Pocophone F1 smartphone, a Xiaomi MDZ-36-DB Bluetooth speaker and several development kits involving nearly a dozen SoCs.
The researchers figured out that about 1,400 different devices use the vulnerable SocS, including the Microsoft Surface Book 3, Surface Go 2, Surface Laptop 3 and Surface Pro 7; the Dell Optiplex 5070 desktop PC, the Alienware m17 R3 gaming laptop and "many more" Dell PCs; the Sony Xperia XZ2 and Oppo Reno 5G CH1921 smartphones; an Ericsson home-entertainment hub used by professional installers; at least two but likely "many more" Walmart onn.-brand Bluetooth speakers; a Panasonic soundbar; the infotainment systems of some light and commercials airfract, as well as some Volvo heavy trucks; and at least two industrial devices.
"As the BT stack is often shared across many products, it is highly probable that many other products (beyond the 1400 entries observed in Bluetooth listing) are affected by BrakTooth," write the researchers.
Patch status
Three companies have already released patches for the flaws, including Espressif and Cypress/Infineon, said the researchers. Intel and Qualcomm are developing patches, while other vendors are investigating the research findings.
Unfortunately, since few of these companies make end-user products, in most cases device makers will have to incorporate the patches into their own firmware updates and then pass them on to consumers.
Not all the vendors appear to be cooperating. The researchers said that Harman International and Silicon Labs "hardly communicated with the team and the status of their investigation is unclear at best."
Meanwhile, Texas Instruments "has successfully replicated the security issue," but "will consider producing a patch only if demanded by customers."
Qualcomm is fixing one flaw, as noted above, but the situation is more complicated with another flaw. It's already been fixed on the most recent version of one chipset, but Qualcomm "has no plan" to fix it on older versions, and the flaw can't be fixed on another chipset due to insufficient memory space.
Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.