banner



Home  ›  Millions of smartphones, laptops, trucks, planes affected by new Bluetooth flaws — what you need to know

Millions of smartphones, laptops, trucks, planes affected by new Bluetooth flaws — what you need to know

Written By Wednesday, 2 February 2022 Add Comment Edit

Millions of smartphones, laptops, trucks, planes affected by new Bluetooth flaws — what you need to know

Driver setting up a wireless connection between a smartphone and an automotive infotainment system.
(Image credit: metamorworks/Shutterstock)

Researchers accept establish Bluetooth security flaws affecting at least 1,400 different models of commercial products ranging from laptops, smartphones and IoT devices to commercial shipping and heavy trucks. The number of affected devices may run into the tens of millions. Unfortunately, some vendors, including Qualcomm and Texas Instruments, don't programme to ready all the flaws.

So says the team from the Singapore Academy of Engineering science and Design and Singapore's Agency for Science, Technology and Research, who call their collective discoveries "BrakTooth" and have put upwardly a website explaining it all.

  • Hundreds of thousands of home Wi-Fi routers nether attack — what to do
  • Hither are the best Bluetooth speakers
  • Plus: Cyberpunk 2077's Xbox Serial X and PS5 updates could slip to 2022

Nosotros're not going to delve into the technical details, but suffice it to say in that location are at to the lowest degree sixteen unlike flaws affecting at least 13 different systems-on-a-chip (SoCs) or chipsets made by at least eleven different manufacturers, among them Intel, Cypress/Infineon, Harman International, Espressif, Silicon Labs and the same Qualcomm and Texas Instruments.

The flaws could cause software crashes and communications freezes, and could in some cases permit arbitrary lawmaking execution — i.e., hacking.

Here's a video provided by the researchers showing an attack that crashes a pair of JBL Melody 500 headphones.

The exact methods of assail will non be publicly disclosed until Oct. 31 to give vendors more time to deploy patches, but manufacturers can ask the researchers for private disclosure in lodge to examination their devices.

"All the vulnerabilities ... can be triggered without any previous pairing or authentication," notes the research paper.

The flaws affect "classic" Bluetooth, i.e. Bluetooth versions i.0 through 3.0. They practice non affect Bluetooth Low Energy (BLE), also chosen Bluetooth 4.0 through 5.two, which is fundamentally dissimilar. However, almost all BLE-compatible devices are compatible with earlier forms of Bluetooth, rendering the devices vulnerable.

Afflicted devices

In addition to the JBL headphones, devices that the researchers tested themselves and were proven to be vulnerable included a Xiaomi Pocophone F1 smartphone, a Xiaomi MDZ-36-DB Bluetooth speaker and several evolution kits involving virtually a dozen SoCs.

The researchers figured out that near 1,400 unlike devices use the vulnerable SocS, including the Microsoft Surface Book iii, Surface Get 2, Surface Laptop 3 and Surface Pro 7; the Dell Optiplex 5070 desktop PC, the Alienware m17 R3 gaming laptop and "many more" Dell PCs; the Sony Xperia XZ2 and Oppo Reno 5G CH1921 smartphones; an Ericsson dwelling-entertainment hub used by professional person installers; at least 2 but likely "many more" Walmart onn.-brand Bluetooth speakers; a Panasonic soundbar; the infotainment systems of some low-cal and commercials airfract, equally well as some Volvo heavy trucks; and at least two industrial devices.

"Every bit the BT stack is often shared across many products, information technology is highly probable that many other products (beyond the 1400 entries observed in Bluetooth listing) are afflicted by BrakTooth," write the researchers.

Patch status

Three companies have already released patches for the flaws, including Espressif and Cypress/Infineon, said the researchers. Intel and Qualcomm are developing patches, while other vendors are investigating the research findings.

Unfortunately, since few of these companies make end-user products, in most cases device makers will have to  contain the patches into their own firmware updates and then pass them on to consumers.

Not all the vendors appear to be cooperating. The researchers said that Harman International and Silicon Labs "hardly communicated with the team and the status of their investigation is unclear at best."

Meanwhile, Texas Instruments "has successfully replicated the security issue," merely "volition consider producing a patch just if demanded by customers."

Qualcomm is fixing ane flaw, as noted above, but the state of affairs is more complicated with another flaw. It's already been fixed on the most recent version of one chipset, simply Qualcomm "has no plan" to fix it on older versions, and the flaw tin't be stock-still on another chipset due to insufficient memory space.

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has too been a dishwasher, fry melt, long-haul driver, lawmaking monkey and video editor. He'due south been rooting effectually in the data-security infinite for more than xv years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random Idiot box news spots and even moderated a panel discussion at the CEDIA home-technology briefing. Y'all can follow his rants on Twitter at @snd_wagenseil.

Source: https://www.tomsguide.com/news/braktooth-bluetooth-flaws

Posted by: stinsoncappor.blogspot.com

0 Response to "Millions of smartphones, laptops, trucks, planes affected by new Bluetooth flaws — what you need to know"

Post a Comment

Subscribe to: Post Comments (Atom)

Iklan Atas Artikel

Iklan Tengah Artikel 1

Iklan Tengah Artikel 2

Iklan Bawah Artikel