Researchers Unveil BrakTooth: 16 Bluetooth Classic Vulnerabilities Expose 1,400+ ESP32 Devices

Researchers at Singapore University of Technology and Design have released a proof‑of‑concept exploit for a family of Bluetooth Classic vulnerabilities they've named BrakTooth, affecting the ESP32 SDK used to program Bluetooth chipsets.

BrakTooth comprises 16 distinct flaws that can lead to anything from system crashes to remote code execution.

The most severe flaw, labeled V1, targets ESP32 SoCs found in industrial automation, smart‑home, and fitness devices, and has already been confirmed to affect certain MacBook and iPhone models. Because the ESP32 BT Library fails to perform an out‑of‑bounds check on specific inputs, an attacker can inject malicious code and potentially seize control of the device.

Other vulnerabilities enable attackers to force disconnects, crash all connections on a paired device, or shut down audio devices. These attacks occur over the Bluetooth network and require only inexpensive Bluetooth hardware and a PC.

The researchers estimate that more than 1,400 chipsets are vulnerable, meaning that a wide range of devices—including IoT gadgets, manufacturing equipment, laptops, and smartphones—could be compromised. Affected vendors include Intel, Texas Instruments, and Qualcomm.

Chipset manufacturers have been notified and many have already issued patches for OEMs and the public. The research team has published a table detailing which vendors have updated what, along with the BrakTooth proof‑of‑concept code.

This group has a track record in Bluetooth security, having previously exposed SweynTooth flaws in Bluetooth LE in 2019 that affected medical devices such as blood glucose meters and pacemakers. Most of those vulnerabilities have since been patched.