Broadcom and Cypress chips have the same HCI "backdoor" that allows writing to the Bluetooth chip's RAM. This feature is used for firmware patches. We didn't request CVEs for that 9 years ago. Instead, we built the InternalBlue Bluetooth research framework. https://github.com/seemoo-lab/internalblue https://bird.makeup/@tarlogic/1897620731984273469