Expert Analysis Of Twelve Critical Flaws Within Bluetooth Low Energy Devices Produced By Over 480 Different Vendors

Security researchers have disclosed a dozen flaws in the implementation of the Bluetooth Low Energy technology on multiple system-on-a-chip (SoC) circuits that power at least 480 from various vendors. Collectively named SweynTooth, the vulnerabilities can be used by an attacker in Bluetooth range can crash affected devices, force a reboot by sending them into a deadlock state, or bypass the secure BLE pairing mode and access functions reserved for authorized users.

Subscribe
Notify of
guest

1 Expert Comment
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
Erich Kron
Erich Kron , Security Awareness Advocate
InfoSec Expert
February 14, 2020 2:06 pm

his is significant due to the large number of devices that are impacted by these flaws. Bluetooth Low Energy (BLE) communication has become a standard in everything from high-end medical equipment to low dollar smart home fixtures and everything in between. Although patches are available for many of the impacted chips, whether vendors will provide those patches for the devices they have manufactured is another story completely.

Because so many devices, especially in the smart home arena or Internet of Things (IoT) space are built for the lowest cost possible and the features are changing so quickly, support for updates is often abandoned quickly as they move to new devices. Organizations cannot afford to continue to update devices with software and security patches for very long at these rock bottom prices. This results in vulnerable devices littering smart homes and offices. This is a key reason people should research the manufacturers of the devices and look for a pattern of failures to provide support very long after the sale.

Last edited 2 years ago by Erich Kron
Information Security Buzz
1
0
Would love your thoughts, please comment.x
()
x