Bluetooth Bug Puts Billions Of Windows 10, Android Devices At Risk
Security experts have discovered 16 different vulnerabilities with Bluetooth connections that could put over a billion Windows 10 and Android users at risk.
The security flaws, collectively known as ‘BrakTooth’ impact a number of devices that use Bluetooth to connect external products. The vulnerabilities impact chips crated by Qualcomm, Intel and Texas Instruments, which are used in a wide number of devices, including Samsung, OnePlus and Google Pixel devices, Microsoft Surface laptop, Dell desktop computers, and many more.
Researchers from Singapore University looked into just 13 different chips from 11 vendors for the study, and estimate the flaw could be found in at least 1,400 chip components, across over one billion Bluetooth devices.
As for the actual risk, a ‘bad actor’ would have to be within Bluetooth connection range to do any real damage.
“The researchers emphasise the lack of basic tests in Bluetooth certification to validate the security of Bluetooth Low Energy (BLE) devices,” Security experts Malwarebytes point out.
“The BrakTooth family of vulnerabilities revisits and reasserts this issue in the case of the older, but yet heavily used Bluetooth classic (BR/EDR) protocol implementations.
“The advice to install patches and query your vendor about patches that are not (yet) available will not come as a surprise. We would also advise users to disable Bluetooth on devices that do not need it.
“This way you can prevent attackers from sending you malformed LMP packets. Since BrakTooth is based on the Bluetooth Classic protocol, an adversary would have to be in the radio range of the target to execute the attacks. So, in a safe environment Bluetooth can be enabled.”