Compsmag is supported by its audience. When you buy through links on our website, we may earn an affiliate commission fee. Learn more

Unknown number of Bluetooth LE devices will be affected by the SweynTooth vulnerabilities

Unknown number of Bluetooth LE devices will be affected by the SweynTooth vulnerabilities

A team of researchers based in Singapore, has published a research paper which contains of a set of vulnerabilities, to name SweynTooth to that effect, devices with Bluetooth Low Energy (BLE) protocol.

More specifically, the SweynTooth vulnerabilities and the impact of software development kits (sdks) are responsible for the support of the BLE communication.

This BLE sdks provided by the vendors of the system-on-a-chip (SoC) designers.

Of businesses which are of IoT, smart devices, these soc’s and use them as the basis for the chipset, around which they build their devices. They make use of the BLE SDK is provided by the SoC maker to support communication via the BLE, which is a version of the Bluetooth wireless protocol, designed to use less enegery in order to prevent battery draining on mobile devices and the Internet of Things (IoT) devices.

Six of the suppliers is affected so far. For more information, follow these steps.

This week, three researchers from the Singapore University of Technology and Design (SUTD), said that they did last year to test the BLE Sdk’s from different vendors of SoC and chipsets.

Investigators said they found 12 error (aka the SweynTooth weaknesses in the impact of these BLE Sdk”, which they reported privately to the SoC vendors.

This week, it was announced that the names of the six SoC vendors, which, at the moment we have released new versions of their BLE Sdk will contain the patches at SweynTooth attacks.

The six-party suppliers, which they are, SoC makers like Texas Instruments, NXP, Cypress, Dialog Semiconductor, Microchip, STMicroelectronics, and Telink Semiconductor

“In any case, this is a list of SoC vendors is in terms of that is affected by the SweynTooth,” the researchers said, adding that the new SoC vendors to be added to the list in the future as they release patches.

What products are affected?

The extent of this vulnerability is huge. According to the researchers, the fragile BLE Sdk’s have been used in more than 480 end-user products.

This is a list of products from the likes of fitness-tracking wristbands, smart plugs, smart door locks, smart locks, pet trackers, smart home systems, smart lighting, alarm clocks, glucose meters, and a variety of other communication and medical equipment.

The list is extensive, and includes some of the popular brands such as FitBit, Samsung, and Xiaomi.

In addition, the list of 480 products is likely to grow if the research team is pleased to announce the new SoC and the seller took it in for the next few years.

At the moment it is almost impossible to make an estimate of the actual number of devices that are running the vulnerable, ABLE bodies, and which are now to be subjected to one or more of the 12 SweynTooth attacks.

What are the SweynTooth attacks?

According to the research team, the 12-SweynTooth vulnerabilities, which can be grouped together on the basis of the impact of their operations.

In accordance with the table below, we have three types of SweynTooth attack:

  • Attacks that can crash devices
  • The attacks, which is a reboot of devices, and to force them into a frozen, the (deadlocked) state of
  • Attacks that can bypass the security and allow hackers to take control of the devices

The biggest SweynTooth donwside is that the BLE SDK, patches are provided by the SoC vendors, it will take a while to make their way downstream to the actual user-owned devices.

Patches provided by the SoC vendor have to reach a machine that produces, then you will need to provide to the devices via a firmware update. Since some of the manufacturers will sell a white-label product that can be supplied with a different type of event, it may take a while for the patches to reach the user, if they don’t get lost or severely delayed in a complicated supply chain.

It is one for the Best things about the SweynTooth is exloiting one of these vulnerabilities, which can be done via the internet, allowing the attacker to be in physical proxmity to the device in the on BLE range, which is usually quite small.

For more information about the SweynTooth vulnerabilities, which can be found in a white paper titled,”SweynTooth: with the Release of the Touch over Bluetooth Low Energyon this website.

Compsmag AU