These Bluetooth security flaws could affect billions of devices

News
By
published

Vulnerabilities impact everything from speakers, home theaters, laptops, and even car infotainment systems

representational image of multiple devices
(Image credit: Shutterstock)

Cybersecurity researchers have shared details about a family of bluetooth vulnerabilities that were found on devices from about a dozen system-on-a-chip (SoC) vendors including Intel , Qualcomm, Texas Instruments, and Cypress.

Collectively referred to as BrakTooth, the security vulnerabilities in the commercial bluetooth stacks were unearthed by researchers from the Singapore University of Technology and Design. 

In their explanation, the researchers note that the vulnerabilities could be exploited for different types of attacks ranging from denial-of-service (DoS), to arbitrary code execution in certain Internet of Things (IoT) devices. 

TechRadar needs you!

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> Click here to start the survey in a new window <<

“As of today, we have evaluated 13 BT devices from 11 vendors. We have discovered a total of 16 new security vulnerabilities, with 20 common vulnerability exposures (CVEs) already assigned and four vulnerabilities are pending CVE assignment from Intel and Qualcomm,” note the researchers. 

Widespread impact

According to the researchers, the affected bluetooth stacks can be found on all kinds of devices, from consumer electronics to industrial equipment. 

Their research revealed that BrakTooth affects over 1400 different product types including laptops, smartphones, audio equipment, home entertainment systems, automotive infotainment systems, and more.

While the researchers only say that the number of individual products affected by BrakTooth would be “an order of magnitude higher,” considering the prevalence of the vulnerabilities across vendors and device types, it wouldn’t be wrong to assume that billions of bluetooth devices would be impacted. 

“All the vulnerabilities are already reported to the respective vendors, with several vulnerabilities already patched and the rest being in the process of replication and patching,” share the researchers, even as they encourage all bluetooth device vendors to use their proof-of-concept code to test their products against BrakTooth.

Mayank Sharma
Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

Read more
MediaTek
MediaTek reveals host of security vulnerabilities, so patch now
A man driving a car in the evening.
Skoda security flaws could let hackers remotely track cars
Find My app logo displayed on an iPhone 11 screen
This Find My exploit lets hackers track any Bluetooth device – here’s how you can stay safe
An illustration of a hand holding a set of keys in front of a laptop, accompanied by a padlock symbol, fingerprint, and key.
Thousands of SonicWall VPN devices are facing worrying security threats
No broadband network
Massive online data breach sees 2.7 billion records leaked - here's what we know
An image of network security icons for a network encircling a digital blue earth.
Industrial networks exposed to attack by faulty Moxa devices
Latest in Security
A graphic showing fleet tracking locations over a city.
Lost & Found tracking site hit by major data breach - over 800,000 could be affected
US President Donald Trump speaks to the press as he signs an executive order to create a US sovereign wealth fund, in the Oval Office of the White House on February 3, 2025, in Washington, DC.
US set to pause cyber-offensive operations against Russia - but CISA says it won't stop
Web DDoS attacks see major surge as AI allows more powerful attacks
Polish space agency says it was hit by a cyberattack
Illustration of a hooked email hovering over a mobile phone
AWS misconfigurations reportedly used to launch phishing attacks
A concept image of someone typing on a computer. A red flashing danger sign is above the keyboard and nymbers and symbols also in glowing red surround it.
Microsoft Teams and other Windows tools hijacked to hack corporate networks
Latest in News
Google Gemini iPhone Lock Screen
You can now access Gemini from your iPhone's lock screen
Michelle, Keats, and Doctor Amherst looking unimpressed and worried in The Electric State
Netflix drops trailer for The Electric State, and I'm getting serious District 9 vibes
YouTube TV
YouTube TV might be planning a big Netflix update that puts the best streaming services first
Google Pixel 9 Pro
Here are the 7 best Pixel 9 and Pixel Watch 3 features landing in March’s Pixel Feature Drop
Bang &amp; Olufsen Beogram 4000C Saint Laurent Rive Droite Edition
Bang & Olufsen's latest reworked turntable is a masterpiece of retro revival, in a breathtaking wooden presentation box
Apple Watch Series 10
Apple unveils new Apple Watch bands – here's what's in the Spring 2025 collection
More about security
A graphic showing fleet tracking locations over a city.

Lost & Found tracking site hit by major data breach - over 800,000 could be affected
A concept image of someone typing on a computer. A red flashing danger sign is above the keyboard and nymbers and symbols also in glowing red surround it.

Microsoft Teams and other Windows tools hijacked to hack corporate networks
A shot showing the flags of New Zealand and South Africa

New Zealand vs South Africa live stream: How to watch ICC Champions Trophy semi-final online (available for free)
See more latest
Most Popular
A business woman looking at AI on a transparent screen
Businesses are facing an "AI Divide" - which could be the difference between success and failure
Google Gemini iPhone Lock Screen
You can now access Gemini from your iPhone's lock screen
Apple Vision Pro with Dassault Systèmes 3DEXPERIENCE platform
Dassault Systèmes teams up with Apple to use Vision Pro headsets to bring spatial CAD to life
Samsung 18.1-inch foldable OLED monitor
Samsung has launched a flexible portable monitor complete with a briefcase, one that seems to come straight from a James Bond movie
GenMachine Zhi mini pc
This is the smallest AMD PC I've ever seen: mysterious manufacturer uses Ryzen 3 APU with surprising results
Beelink ME Mini
One of our favorite mini PC vendors has launched a NAS that looks a bit like Apple's PowerMac G4 Cube PC - but way smaller
Michelle, Keats, and Doctor Amherst looking unimpressed and worried in The Electric State
Netflix drops trailer for The Electric State, and I'm getting serious District 9 vibes
YouTube TV
YouTube TV might be planning a big Netflix update that puts the best streaming services first
Maserati MC20 Autonomous
This AI-driven Maserati just hit 197.7mph without a human behind the wheel
AI data center
Is Microsoft hesitating on AI? Days after CEO said it would be upping capacity, analyst claims tech giant has actually cancelled data center leases