Bluetooth is a widely used communication technology, so a single vulnerability may affect hundreds of millions of devices around the world. The more manufacturers a vulnerability affects, the larger the number of affected devices becomes, as in the latest discovery: the BrakTooth vulnerability may affect more than 1 billion devices.
The vulnerability was discovered by researchers at the Singapore University of Technology and Design. In this series, the researchers discovered a total of 16 new security vulnerabilities, with 20 Common Vulnerabilities and Exposures (CVE) identifiers already assigned and four (4) vulnerabilities pending CVE assignment from Intel and Qualcomm. Exploitation is neither trivial nor especially complicated: the attacker needs only an ESP32 development kit and uses the LMP firmware to launch an attack that exploits the vulnerability.
The research found that Bluetooth chips from Intel, Qualcomm, Texas Instruments, Zhuhai Jieli Technology, Bluetrum Technology, Actions Technology, Espressif Systems, Harman International, and Silicon Labs are all affected by the vulnerability. Bluetooth chips produced by these companies are widely used in desktops, laptops, smartphones, Internet of Things devices, infotainment systems, audio equipment (headphones, Bluetooth speakers), keyboards and mice, toys, and industrial control equipment (such as PLCs).
The researchers therefore conservatively estimate that the vulnerability affects at least 1 billion devices worldwide. An attacker who exploits it can tamper with the Bluetooth firmware, block Bluetooth connections, deadlock the device, or execute code, among other effects. To exploit the vulnerability, however, an attacker needs to connect from within Bluetooth range, so a large-scale, widespread attack may be difficult to launch.