Expert Analysis Of Twelve Critical Flaws Within Bluetooth Low Energy Devices Produced By Over 480 Different Vendors

Security researchers have disclosed a dozen flaws in the implementation of the Bluetooth Low Energy technology on multiple system-on-a-chip (SoC) circuits that power at least 480 devices from various vendors. Collectively named SweynTooth, the vulnerabilities can be used by an attacker in Bluetooth range to crash affected devices, force a reboot by sending them into a deadlock state, or bypass the secure BLE pairing mode and access functions reserved for authorized users.

Experts Comments

February 14, 2020
Erich Kron
Security Awareness Advocate
KnowBe4
This is significant due to the large number of devices that are impacted by these flaws. Bluetooth Low Energy (BLE) communication has become a standard in everything from high-end medical equipment to low dollar smart home fixtures and everything in between. Although patches are available for many of the impacted chips, whether vendors will provide those patches for the devices they have manufactured is another story completely. Because so many devices, especially in the smart home arena or Internet of Things (IoT) space are built for the lowest cost possible and the features are changing so quickly, support for updates is often abandoned quickly as they move to new devices. Organizations cannot afford to continue to update devices with software and security patches for very long at these rock bottom prices. This results in vulnerable devices littering smart homes and offices. This is a key reason people should research the manufacturers of the devices and look for a pattern of failures to provide support very long after the sale.