Bluetooth is riddled with nasty security flaws — your devices could be in trouble

Bluetooth Impersonation Attacks
(Image credit: Snappa)

Bluetooth is a widely used protocol that facilitates short-range communication between devices. We use it to connect our favorite peripherals such as the Apple AirPods Pro, the Xbox Series X controller and more. However, a new study published by the Singapore University of Technology and Design uncovers the nasty security holes associated with Bluetooth.

The cybersecurity investigators discovered a new family of Bluetooth security flaws dubbed "BrakTooth," which includes a number of vulnerabilities, including denial of service (DoS) via firmware deadlocks and crashes, and arbitrary code execution (ACE).

How BrakTooth wreak havoc on your Bluetooth-enabled devices

Thirteen Bluetooth devices from 11 vendors were evaluated in the study. The researchers discovered 16 new security holes within the Bluetooth protocol as well as 20 common vulnerability exposures. Some of the affected chipsets come from SoC manufacturers such as Intel, Qualcomm, Texas Instruments and Cypress.

BrakTooth is as vicious as it sounds. It sinks its teeth into the integrity of the Bluetooth protocol, leaving consumers vulnerable to being targets of cybercriminal attacks. As mentioned, one of the potential consequences of BrakTooth is a DoS attack, which involves an ill-intentioned actor shutting down a machine or network and rendering it inaccessible to users. According to the study, an attacker can use a malicious paging technique that "exhausts" Bluetooth-supported SoCs, which can affect connectivity and trigger firmware crashes.

Researchers discovered DoS vulnerabilities in laptops and smartphones that are equipped with Intel AX200 and Qualcomm WCN3990 SoCs.

One of the most critical security flaws investigators unearthed is an arbitrary code execution attack. This means that some devices are susceptible to receiving malicious commands from the cybercriminal, allowing attackers to take complete control over the system. Researchers discovered arbitrary code execution attacks in Wi-Fi and Bluetooth IoT devices in markets such as smart home, fitness, industry automation and more.

The study revealed that BrakTooth's impact is widespread, affecting 1,400 different product categories, including audio equipment, smartphones, laptops and more.

Thankfully, the researchers say that all the vulnerabilities were reported to the respective vendors, and the flaws are already patched or in the process of being fixed.

Kimberly Gedeon

Kimberly Gedeon, holding a Master's degree in International Journalism, launched her career as a journalist for MadameNoire's business beat in 2013. She loved translating stuffy stories about the economy, personal finance and investing into digestible, easy-to-understand, entertaining stories for young women of color. During her time on the business beat, she discovered her passion for tech as she dove into articles about tech entrepreneurship, the Consumer Electronics Show (CES) and the latest tablets. After eight years of freelancing, dabbling in a myriad of beats, she's finally found a home at Laptop Mag that accepts her as the crypto-addicted, virtual reality-loving, investing-focused, tech-fascinated nerd she is. Woot!