The Hacker News

A Dozen Vulnerabilities Affect Millions of Bluetooth LE Powered Devices

A team of cybersecurity researchers late last week disclosed the existence of 12 potentially severe security vulnerabilities, collectively named 'SweynTooth,' affecting millions of Bluetooth-enabled wireless smart devices worldwide. Worryingly, a few of them haven't yet been patched.

All SweynTooth flaws reside in the way software development kits (SDKs) used by multiple systems-on-a-chip (SoCs) have implemented Bluetooth Low Energy (BLE) wireless communication technology, which powers at least 480 distinct products from several vendors including Samsung, FitBit and Xiaomi.

According to the researchers, hackers in close physical proximity to vulnerable devices can abuse these vulnerabilities to remotely trigger deadlocks and crashes, and even bypass security in BLE products, gaining arbitrary read or write access to device functions that are otherwise accessible only to an authorized user.

"As of today, SweynTooth vulnerabilities are found in the BLE SDKs sold by major SoC vendors, such as Texas Instruments, NXP, Cypress, Dialog Semiconductors, Microchip, STMicroelectronics and Telink Semiconductor," the researchers from the Singapore University of Technology and Design said.


Here is a list and brief information on all 12 SweynTooth vulnerabilities:


The detailed report says affected products include consumer electronics, smart home devices, and wearables, and are also used in the logistics and healthcare industries, where a malfunction can lead to hazardous situations.


"The most critical devices that could be severely impacted by SweynTooth are the medical products. VivaCheck Laboratories, which manufacture Blood Glucose Meters, has many products listed to use DA14580," the researchers said.

"Hence all these products are potentially vulnerable to the Truncated L2CAP attack. Even worse, Syqe Medical Ltd. and their programmable drug delivery inhalation platform (Syqe Inhaler v01) is affected alongside the latest pacemaker related products from Medtronic Inc."

According to the report, researchers disclosed these flaws last year to all affected vendors, many of which have now released patches for their respective SoCs.

However, products developed by some SoC vendors, including Dialog, Microchip, and STMicroelectronics, are still unpatched at the time of the disclosure.
📰 News Stories from 17 Feb, 2020