12 Security Vulnerabilities against Certain Bluetooth IoT Devices
Date Modified: 02/13/2020 11:50 AM EST
Description
Summary
According to theregister.co.uk, researchers at Singapore University disclosed 12 security vulnerabilities affecting certain Bluetooth Low Energy (BLE) software development kits (SDKs) from system-on-a-chip (SoC) vendors. The vulnerabilities may allow attackers to “crash or… bypass pairing security to gain arbitrary read and write access to device functions.” Proof-of-concept code and a video demonstrating the crash of a device (Fitbit) are publicly available.
Analysis
The Register article quoted Matheus E. Garbelini, Sudipta Chattopadhyay, and Chundong Wang with the following statement: "SWEYNTOOTH potentially affects IoT products in appliances such as smart-homes, wearables and environmental tracking or sensing." Their full research paper is linked at the end of this advisory.
Patches have been made available for some of the devices that are known to be vulnerable.
The E-ISAC recommends members evaluate IoT devices in use that are BLE-enabled and may be vulnerable. Below is a list of the CVEs released with the research:
| Vulnerability | CVE(s) | Vendor |
|---|---|---|
| Link Layer Length Overflow | | Cypress |
| LLID Deadlock | | Cypress |
| Truncated L2CAP | | Dialog |
| Silent Length Overflow | | Dialog |
| Public Key Crash | | Texas Instruments |
| Invalid Connection Request | | Texas Instruments |
| Invalid L2CAP Fragment | | Microchip |
| Sequential ATT Deadlock | | STMicroelectronics |
| Key Size Overflow | | Telink |
| Zero LTK Installation | | Telink |

For the complete article with additional information, including proof-of-concept code and a video demonstrating the exploitation and crashing of a Fitbit device, please refer to the original article and research paper.
https://www.theregister.co.uk/2020/02/13/dozen_bluetooth_bugs/
https://asset-group.github.io/disclosures/sweyntooth/
https://asset-group.github.io/disclosures/sweyntooth/sweyntooth.pdf