Description

Summary

According to theregister.co.uk researchers at Singapore University disclosed 12 security vulnerabilities affecting certain Bluetooth Low Energy (BLE) software development kits (SDKs) from system-on-a-chip (SoC) vendors. The vulnerabilities may allow attackers to “crash or… bypass pairing security to gain arbitrary read and write access to device functions.” Proof-of-concept code and a video demonstrating the crash of a device (Fitbit) are publicly available.

Analysis

The register article quoted Matheus E. Garbelini, Sudipta Chattopadhyay, and Chundong Wang with the following statement: "SWEYNTOOTH potentially affects IoT products in appliances such as smart-homes, wearables and environmental tracking or sensing." Their full research paper can be found here.

Patches have been made available for some of the devices that are known to be vulnerable.

The E-ISAC recommends members evaluate IOT devices in use that are BLE enabled and may be vulnerable. Below is a list of the CVEs released with the research:

Vulnerability	CVE(s)	Vendor
Link Layer Length Overflow	CVE-2019-16336 CVE-2019-17519	Cypress NXP
LLID Deadlock	CVE-2019-17061 CVE-2019-17060	Cypress NXP
Truncated L2CAP	CVE-2019-17517	Dialog
Silent Length Overflow	CVE-2019-17518	Dialog
Public Key Crash	CVE-2019-17520	Texas Instruments
Invalid Connection Request	CVE-2019-19193	Texas Instruments
Invalid L2CAP Fragment	CVE-2019-19195	Microchip
Sequential ATT Deadlock	CVE-2019-19192	STMicroelectronics
Key Size Overflow	CVE-2019-19196	Telink
Zero LTK Installation	CVE-2019-19194	Telink

For the complete article with additional information, including proof-of-concept code and a video demonstrating the exploitation and crashing of a Fitbit device, please refer to the original article and research paper.

https://www.theregister.co.uk/2020/02/13/dozen_bluetooth_bugs/

https://asset-group.github.io/disclosures/sweyntooth/

https://asset-group.github.io/disclosures/sweyntooth/sweyntooth.pdf

https://youtu.be/Iw8sIBLWE_w