Written by Doroteya Borisova
Over a billion
Android and Windows device users around the world have been discovered compromised by a new vulnerability. This particular weakness has been found in the Bluetooth chip firmware produced by a variety of SoC vendors, among which are Qualcomm, Silicon Labs, Intel, and others.
According to
MSPoweruser, so far, eleven vendors have been accused of designing their Bluetooth firmware with this particular flaw. Thirteen circuit boards produced by these eleven vendors have been infiltrated at this point in time, but as many as 1,400 different systems-on-a-chip (inside both mobile and laptop devices) are vulnerable to these exploits, which have been named “BrakTooth hacks.”
The issue affects over one billion people who own any of the vulnerable Android and Windows devices, running compromised Bluetooth firmware.
So far, only three SoC manufacturers have issued patches to protect against future BrakTooth hacks, and these are BluTrum, Expressif, and Infineon. The rest of them, including Intel and Qualcomm, have yet to address the issue, which means that millions devices are still left unprotected.
Because BrakTooth hacks require that the victim’s Bluetooth be switched on to work, users are being advised to keep their Bluetooth turned off as a sure safeguard, until all firmware patches are released from the manufacturers involved.
Products that are known to have been exploited to Braktooth hacking include (but are not limited to):
- Smartphones – Pocophone F1, Oppo Reno 5G, etc.
- Dell laptops – Optiplex, Alienware, etc.
- Microsoft Surface devices – Surface Go 2, Surface Pro 7, Surface Book 3, etc.
Bluetooth vulnerabilities are nothing new, as plenty of hackers in the past have used this method to gain illegal access to Bluetooth-enabled devices to eavestrop, bug the victim’s phone, steal data or execute harmful commands, or even fully take over their device.
While it has often been the actual Bluetooth standard that exposed itself to certain infiltration and required updating, however, this time the Bluetooth chip firmware is entirely to blame for these BrakTooth hacks.
A YouTube video from ASSET Research Group briefly explains the process by which BrakTooth infiltration works, executing unauthorized code on vulnerable devices (although the language may be difficult to process for those unfamiliar with code):