Over a billion Android and Windows device users around the world have been discovered compromised by a new vulnerability. This particular weakness has been found in the Bluetooth chip firmware produced by a variety of SoC vendors, among which are Qualcomm, Silicon Labs, Intel, and others.
So far, only three SoC manufacturers have issued patches to protect against future BrakTooth hacks, and these are BluTrum, Expressif, and Infineon. The rest of them, including Intel and Qualcomm, have yet to address the issue, which means that millions devices are still left unprotected.
Products that are known to have been exploited to Braktooth hacking include (but are not limited to):
- Smartphones – Pocophone F1, Oppo Reno 5G, etc.
- Dell laptops – Optiplex, Alienware, etc.
- Microsoft Surface devices – Surface Go 2, Surface Pro 7, Surface Book 3, etc.
Bluetooth vulnerabilities are nothing new, as plenty of hackers in the past have used this method to gain illegal access to Bluetooth-enabled devices to eavestrop, bug the victim’s phone, steal data or execute harmful commands, or even fully take over their device. While it has often been the actual Bluetooth standard that exposed itself to certain infiltration and required updating, however, this time the Bluetooth chip firmware is entirely to blame for these BrakTooth hacks.
A YouTube video from ASSET Research Group briefly explains the process by which BrakTooth infiltration works, executing unauthorized code on vulnerable devices (although the language may be difficult to process for those unfamiliar with code):