Security researchers have disclosed a dozen flaws in the implementation of the Bluetooth Low Energy technology on multiple system-on-a-chip (SoC) circuits that power at least 480 from various vendors. Collectively named SweynTooth, the vulnerabilities can be used by an attacker in Bluetooth range can crash affected devices, force a reboot by sending them into a deadlock state, or bypass the secure BLE pairing mode and access functions reserved for authorized users.
SweynTooth Bug Collection Affects Hundreds of Bluetooth Products – Security researchers have disclosed a dozen flaws in the implementation of the Bluetooth Low Energy technology on multiple system-on-a-chip (SoC) circuits that power at least 480 from var… https://t.co/ev0X2cIFBQ
— G & R Computers (@GRComputers) February 13, 2020
his is significant due to the large number of devices that are impacted by these flaws. Bluetooth Low Energy (BLE) communication has become a standard in everything from high-end medical equipment to low dollar smart home fixtures and everything in between. Although patches are available for many of the impacted chips, whether vendors will provide those patches for the devices they have manufactured is another story completely.
Because so many devices, especially in the smart home arena or Internet of Things (IoT) space are built for the lowest cost possible and the features are changing so quickly, support for updates is often abandoned quickly as they move to new devices. Organizations cannot afford to continue to update devices with software and security patches for very long at these rock bottom prices. This results in vulnerable devices littering smart homes and offices. This is a key reason people should research the manufacturers of the devices and look for a pattern of failures to provide support very long after the sale.