And again: security holes found in Bluetooth. (Image: Shutterstock)
Security researchers at the Singapore University of Technology and Design have described in detail 16 new Bluetooth vulnerabilities that affect millions of devices. The effects of these flaws in commercial Bluetooth stacks range from simple malfunctions, to a complete shutdown of the device, to arbitrary code execution on affected IoT (Internet of Things) devices.
Braktooth: loss of function as the main problem
Since most of the vulnerabilities lead to a loss of functionality, the researchers named the collection Braktooth. Brak is Norwegian and means crash. An assessment of the actual severity of the individual vulnerabilities is still pending.
As far as the researchers could determine, all vulnerabilities have already been reported to the manufacturers concerned. Well-known manufacturers such as Intel, Qualcomm, Texas Instruments, Infineon (formerly Cypress) and Harman International are among those affected. Because of their widespread use, components from the Chinese manufacturer Zhuhai Jieli have the greatest potential for damage.
Because the same components are installed in countless products, it is difficult to estimate how many devices will ultimately be affected by Braktooth. In any case, these are not insignificant devices that are only needed in niches. The researchers tried to identify at least some examples of affected products. They found Surface laptops and tablets from Microsoft and Dell, smartphones from Sony and Oppo, audio and infotainment devices from Panasonic, Becker and Volvo, and even lighting controls from Hella. In the following video they show how the firmware of JBL headphones can be crashed so that they stop working:
The threat scenario is not cumbersome to create. It is sufficient that the device to be attacked has Bluetooth switched on and is within radio range; authentication is not required. Using an ESP32 development kit with modified firmware and a notebook running the attack software, the researchers succeeded in reliably attacking affected devices built around the ESP32 SoC (system on a chip).
Manufacturers react with reluctance
When the researchers confronted the manufacturers with their findings, the manufacturers reacted quite differently than expected. So far, only Espressif Systems, Infineon and Bluetrum have published patches for the affected products and made them available to OEMs. Qualcomm and Zhuhai Jieli intend to release patches for only some of the affected products. Texas Instruments only wants to react when its customers request it, and Harman and Silabs did not react at all, according to the researchers.
As always, IoT devices deserve particularly critical scrutiny with this set of vulnerabilities: older devices in particular are not designed for firmware updates, yet remain in operation for many years, from then on with insecure software. One could argue that the passage of time also solves the problem. The fact is, however, that Qualcomm chips with ROMs older than 2011 are still being built into new devices.
Bluetooth users should definitely take the Braktooth disclosures as an occasion to determine the firmware status of their devices. The best protection against Bluetooth vulnerabilities is to switch Bluetooth off in general and activate it only when it is about to be used. Implementations based on Bluetooth LE (Low Energy) are not affected by Braktooth.
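The advice above amounts to "know which Bluetooth radios are currently on, and keep them off when not in use". The following script is an added example, not code from the article or from the Braktooth researchers; it audits the radio state on a Linux host. It assumes the util-linux `rfkill -J` JSON layout (a `rfkilldevices` list with `type`, `device`, `soft` and `hard` fields), and the embedded sample output is constructed for illustration.

```python
"""Audit Bluetooth radio state from rfkill output (added example, not from the article).

Assumption: util-linux `rfkill -J` prints {"rfkilldevices": [...]} where each
entry has "id", "type" (e.g. "bluetooth", "wlan"), "device", and "soft"/"hard"
fields whose values are "blocked" or "unblocked".
"""
import json
import shutil
import subprocess
from typing import Dict, List

# Constructed sample of `rfkill -J` output: one Wi-Fi adapter, one Bluetooth
# adapter that is powered on (nothing blocks it), and one that is soft-blocked.
SAMPLE_RFKILL_JSON = json.dumps({
    "rfkilldevices": [
        {"id": 0, "type": "wlan", "device": "phy0",
         "soft": "unblocked", "hard": "unblocked"},
        {"id": 1, "type": "bluetooth", "device": "hci0",
         "soft": "unblocked", "hard": "unblocked"},
        {"id": 2, "type": "bluetooth", "device": "hci1",
         "soft": "blocked", "hard": "unblocked"},
    ]
})


def parse_rfkill(raw_json: str) -> List[Dict[str, str]]:
    """Return the device records from `rfkill -J` output (empty list if malformed)."""
    try:
        data = json.loads(raw_json)
    except json.JSONDecodeError:
        return []
    devices = data.get("rfkilldevices", []) if isinstance(data, dict) else []
    return [d for d in devices if isinstance(d, dict)]


def active_bluetooth_radios(devices: List[Dict[str, str]]) -> List[str]:
    """Names of Bluetooth radios that are neither soft- nor hard-blocked.

    These are the radios reachable over the air, i.e. the exposure that the
    "switch Bluetooth off when not in use" advice is about.
    """
    return [
        d.get("device", f"id{d.get('id')}")
        for d in devices
        if d.get("type") == "bluetooth"
        and d.get("soft") == "unblocked"
        and d.get("hard") == "unblocked"
    ]


def block_command(devices: List[Dict[str, str]]) -> List[str]:
    """Command that would soft-block all Bluetooth radios, or [] if none is active.

    `rfkill block bluetooth` is the real util-linux invocation; it is only
    returned here, never executed, so the caller decides whether to apply it.
    """
    if active_bluetooth_radios(devices):
        return ["rfkill", "block", "bluetooth"]
    return []


def audit(raw_json: str) -> Dict[str, object]:
    """Summarise exposure: which Bluetooth radios are on and how to turn them off."""
    devices = parse_rfkill(raw_json)
    active = active_bluetooth_radios(devices)
    return {"active_bluetooth": active, "remediation": block_command(devices)}


def live_rfkill_json() -> str:
    """Run `rfkill -J` if available; otherwise fall back to the constructed sample."""
    if shutil.which("rfkill") is None:
        return SAMPLE_RFKILL_JSON
    try:
        return subprocess.run(["rfkill", "-J"], capture_output=True,
                              text=True, check=True).stdout
    except (subprocess.CalledProcessError, OSError):
        return SAMPLE_RFKILL_JSON


if __name__ == "__main__":
    result = audit(live_rfkill_json())
    if result["active_bluetooth"]:
        print("Bluetooth radios currently ON:", ", ".join(result["active_bluetooth"]))
        print("To switch them off:", " ".join(result["remediation"]))
    else:
        print("No Bluetooth radio is active.")
```

Run it as root or a user allowed to query rfkill; on a host without rfkill it simply evaluates the constructed sample. Soft-blocking via rfkill is reversible (`rfkill unblock bluetooth`), which matches the "activate only when needed" pattern, and the script deliberately never applies the block itself.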
Security holes keep being found in Bluetooth. Critics have been complaining for years that the Bluetooth standard is fundamentally far too complex for its actual use cases, such as wireless music streaming, for which a simpler technology would be entirely sufficient.

