Researchers from Singapore University of Technology and Design have discovered 16 vulnerabilities in Bluetooth protocols. The vulnerabilities can be used to perform a denial of service, trigger a crash on devices and freeze audio devices.
The researchers investigated thirteen different Bluetooth devices with Bluetooth chips from dozens of different manufacturers including Intel and Qualcomm. The lowest Bluetooth version number was 3.0, the highest 5.2. They discovered sixteen new vulnerabilities and twenty already known vulnerabilities. Some devices did not function according to the guidelines and specifications of the Bluetooth standard.
The vulnerabilities allowed the researchers to arbitrary code execution run on smart home devices running on the affected chips. It was also possible to denial of serviceattack on laptops and smartphones, and to freeze Bluetooth audio devices. According to the researchers, at least 1,400 products contain these vulnerabilities.
“The vulnerabilities are there because certain specifications of the standard, and the associated protocols, are not complied with,” the researchers say. To protect yourself, the researchers are currently pointing to the use of Bluetooth in public areas. “The vulnerabilities are in the Bluetooth Classic protocol, so a potential hacker would have to be within range of the Bluetooth antenna to carry out attacks. It is recommended to be aware of your surroundings when using Bluetooth “, it sounds. The researchers also recommend that the list of affected chips and install the patches as they become available.
If the patches are not available or provided by the manufacturers, it is recommended to use Bluetooth as little as possible on these devices. To be absolutely sure whether the vulnerabilities are present on a device, the researchers refer to a proof of concept which will be published on October 20. More details will be released therein.
The 16 vulnerabilities were reported to the chip manufacturers, including Intel, Qualcomm, Texas Instruments, Infineon, Espressif, Bluetrum Technology and Silicon Labs. Bluetrum Technology, Espressif and Infineon have reportedly already released patches. Intel, Qualcomm, Actions and Zhuhai Jieli Technology are said to be investigating some vulnerabilities. Manufacturers Harman International and SiLabs have not responded at the time of their publication, according to the researchers.
–