A large collection of vulnerabilities have been found in Bluetooth chipsets across a range of popular SoC OEMs including Intel, Qualcomm, Texas Instruments, Infineon (Cypress), Silicon Labs and others.
The group of hacks have been dubbed BrakTooth and their impact can range from simply crashing devices using specially crafted Bluetooth Link Manager Protocol packets to executing arbitrary code (CVE-2021-28139).
The hacks have been found on 13 boards from 11 vendors, but may affect as many as 1,400 chipsets.
Products impacted include laptops and desktops from Dell (Optiplex, Alienware), Microsoft Surface devices (Go 2, Pro 7, Book 3), and smartphones (e.g. Pocophone F1, Oppo Reno 5G).
Expressif, Infineon, and Bluetrum have released patches, while other OEMs are still investigating the issue.
If a patch is not available, security vendors advise disabling Bluetooth.
See the hack demoed below: