So says a team from the Singapore University of Technology and Design and Singapore's Agency for Science, Technology and Research (A*STAR), who collectively call their findings "BrakTooth" and have set up a website to explain it all.
I'm not going to delve into the technical details. Suffice it to say that there are at least 16 different flaws affecting at least 13 different system-on-chips (SoCs) or chipsets made by at least 11 different manufacturers, including Intel, Cypress/Infineon, Harman International, Espressif, Silicon Labs, and the aforementioned Qualcomm and Texas Instruments. The flaws can cause software crashes and communication freezes, and in some cases can lead to arbitrary code execution, i.e., hacking.
A video provided by the researchers demonstrates an attack that crashes a pair of JBL Tune 500 headphones.
The exact attack method will not be released until October 31, to give vendors time to deploy patches, but manufacturers can ask the researchers to share it privately in order to test their own devices.
"All vulnerabilities can be triggered without pairing or authentication," the research paper notes.
The flaws affect "classic" Bluetooth (Bluetooth BR/EDR), the original protocol that dates back to Bluetooth 1.0. They do not affect Bluetooth Low Energy (BLE), introduced with Bluetooth 4.0, which uses a fundamentally different protocol stack. However, nearly all BLE-capable devices are dual-mode and also support classic Bluetooth, which leaves them vulnerable.
In addition to the JBL headphones, devices that the researchers tested themselves and showed to be vulnerable include the Xiaomi Pocophone F1 smartphone, the Xiaomi MDZ-36-DB Bluetooth speaker, and several development kits covering nearly 10 SoCs.
The researchers also found that the Microsoft Surface Book 3, Surface Go 2, Surface Laptop 3 and Surface Pro 7; the Dell Optiplex 5070 desktop PC, the Alienware m17 R3 gaming laptop and "many more" Dell PCs; the Sony Xperia XZ2 and Oppo Reno 5G CH1921 smartphones; Ericsson home-entertainment hubs used by professional installers; at least two, but possibly "many more," Walmart onn. brand Bluetooth speakers; Panasonic soundbars; infotainment systems in some light trucks and commercial vehicles, as well as Volvo heavy trucks; and at least two industrial devices are affected.
"Because the BT stack is often shared by many products, it is likely that many more products (besides the 1400 entries observed in the Bluetooth list) are affected by BrakTooth," the researchers wrote.
Three companies, including Espressif and Cypress/Infineon, have already released patches for their flaws, the researchers said. Intel and Qualcomm are developing patches, while other vendors are still investigating the study's findings.
Unfortunately, few of these chip vendors make end-user products, so in most cases the device manufacturers that build on their chips will have to incorporate the patches into their own firmware updates and pass them on to consumers. Not all vendors seem to be cooperating. According to the researchers, Harman International and Silicon Labs "have had little contact with the team and the status of the investigation is unclear at best."
Texas Instruments, on the other hand, says it has "successfully reproduced the security issue" but will "only consider making a patch if requested by a customer."
Qualcomm has fixed one flaw, as described above, but the situation with another flaw is more complicated. The latest version of one chipset already contains a fix, but Qualcomm has "no plans" to fix earlier versions, and another chipset cannot be fixed at all because it lacks sufficient memory.