In a new set of vulnerabilities, Bluetooth on both Android smartphones and Windows 10 devices has been found to be a weak link.
The new security vulnerabilities have been disclosed in commercial Bluetooth stacks that could enable an adversary to execute arbitrary code and, worse, crash the devices via denial-of-service (DoS) attacks.
It is collectively dubbed as ‘BrakTooth’ (referring to the Norwegian word ‘Brak’ which translates to ‘crash’).
According to reports, the flaw has been found to be persistent in several microprocessors which are used by some of the top technology brands in the world.
Also read: MIT develops wireless device for remote monitoring of coronavirus patients
It is estimated by the researchers that the vulnerability affects more than one billion devices that use Bluetooth.
The flaws were disclosed by researchers from the Automated Systems Security (ASSET) Research Group at the Singapore University of Technology and Design (SUTD).
The researchers mention a total of 16 vulnerabilities affecting Bluetooth.
The 16 security vulnerabilities span across 13 Bluetooth chips from 11 vendors such as Intel, Qualcomm, Zhuhai Jieli Technology, and Texas Instruments, covering an estimated 1,400 or more commercial products, including laptops, smartphones, programmable logic controllers, and IoT devices.
According to the research, the security lapse impacts a wide range of smartphones and PCs that may use Bluetooth to connect to an external device like headphones, speakers, mice and keyboards.
The security experts, as mentioned in the research paper, found that the potential damage to a device through BrakTooth largely depends on the type of device and the chipset it uses.
Some of the devices are relatively less at risk and they can be attacked only through a specialised packet pushed to the flawed chipset, and even this can be mostly resolved with a restart.
However, a Bluetooth Classic flaw on some chipsets can allow the hackers to run malicious codes from a remote place, even allowing remote installation of malware on the targeted devices.