A range of newly discovered vulnerabilities affecting Bluetooth could affect billions of devices that use the common wireless connectivity standard.

Discovered and detailed today by the Automated Systems Security Research Group at the Singapore University of Technology and Design, the family of vulnerabilities has been dubbed “BrakTooth.” The researchers uncovered 16 new security vulnerabilities, with 20 common vulnerability exposures or CVEs already assigned with four pending assignments.

BrakTooth was found in 13 systems-on-chip boards from 11 vendors representing an estimated 1,400 or more commercial devices. The vulnerabilities affect SoC providers, including Intel Corp., Qualcomm Inc., Texas Instruments Inc., Infineon Technologies AG (Cypress) and Silicon Labs Inc. among others.

Sample products using the SoCs affected by BrakTooth include Microsoft Corp. Surface products, Dell Inc. desktops and laptops, smartphones from Sony Corp. and Guangdong Oppo Mobile Telecommunications Corp. Ltd., automotive infotainment systems from Volvo AB and audio products sold by Walmart Inc.

The most critical vulnerability, called CVE-2021-28139, affects ESP32 SoCs from Espressif Systems Shanghai Co. Ltd. that are found in “internet of things” devices used in industry automatic, smart-home devices, personal fitness gadgets and more. The vulnerability is the result of the lack of an out-of-bounds check in the ESP32 Bluetooth library that allows an attacker to inject arbitrary code. An attack using the vulnerability could lead to the erasing of data or even the ability to take control of the device.

Another vulnerability found in Intel AX200 Socs and Qualcomm WCN3900 SoCs opens the door to a denial-of-service attack targeted at laptops and smartphones.

Vulnerabilities are commonly found in all sorts of things and Bluetooth has been no exception in the past. The problem usually comes down to vendors providing updates and some are more willing to do so than others. BrakTooth fits the pattern.

The researchers provided all their BrakTooth findings to the vendors affected, but only some took action. According to The Record, only Espressif, Infineon and Shenzen Bluetrum Technology Co. Ltd. have released patches to address the vulnerabilities, while Texas Instruments said it would not be addressing the identified vulnerabilities.

Other vendors have acknowledged the issue but have not given a release date citing internal investigations into how each of the BrakTooth vulnerabilities affects their software stacks and product portfolios.

Image: Singapore University of Technology and Design