Researchers discover vulnerabilities that affect thousands of Bluetooth devices
Researchers at the Singapore University of Technology and Design have discovered 16 vulnerabilities in Bluetooth protocols. The vulnerabilities can be used to perform a denial of service, trigger a crash and freeze audio devices.
The researchers examined thirteen different Bluetooth devices with Bluetooth chips from dozens of different manufacturers, including Intel and Qualcomm. The lowest Bluetooth version number was 3.0, the highest 5.2. They discovered sixteen new vulnerabilities and twenty already known vulnerabilities. Some devices did not function according to the guidelines and specifications of the Bluetooth standard.
The vulnerabilities allowed the researchers to perform arbitrary code execution on smart home devices running on the affected chips. It was also possible to perform a denial-of-service attack on laptops and smartphones, as well as to freeze Bluetooth audio devices. According to the researchers, at least fourteen hundred products contain these vulnerabilities.
“The vulnerabilities exist because certain specifications of the standard, and the associated protocols, are not complied with,” the researchers say. As a protective measure, the researchers currently point to being careful about using Bluetooth in public areas. “The vulnerabilities are in the Bluetooth Classic protocol, so a potential hacker would have to be within range of the Bluetooth antenna to carry out attacks. It is recommended to be aware of your surroundings when using Bluetooth,” they say. The researchers also recommend checking the list of affected chips and installing the patches as soon as they become available.
If the patches are not available or not provided by the manufacturers, it is recommended to use Bluetooth as little as possible on these devices. To determine with certainty whether vulnerabilities are present on a device, the researchers refer to a proof of concept that will be published on October 20. More details will be released with it.
The 16 vulnerabilities were reported to the chip manufacturers, including Intel, Qualcomm, Texas Instruments, Infineon, Espressif, Bluetrum Technology and Silicon Labs. Bluetrum Technology, Espressif and Infineon have reportedly already released patches. Intel, Qualcomm, Actions and Zhuhai Jieli Technology are said to be investigating some vulnerabilities. Manufacturers Harman International and SiLabs had not responded at the time of publication, according to the researchers.