› Forums › Security › News (Security) › Bluetooth LE devices impacted by SweynTooth vulnerabilities
Tagged: RFiDNFC_H8
- This topic is empty.
-
AuthorPosts
-
-
March 1, 2020 at 6:27 pm #40814
#News(Security) [ via IoTGroup ]
Headings…
Bluetooth LE devices impacted by SweynTooth vulnerabilities
Six vendors impacted so far. More to follow.
What products are impacted?
What do the SweynTooth attacks do?Auto extracted Text……
A team of academics from Singapore has published this week a research paper detailing a collection of vulnerabilities named SweynTooth that impact devices running the Bluetooth Low Energy (BLE) protocol.
More specifically, the SweynTooth vulnerabilities impact the software development kits (SDKs) responsible for supporting BLE communications.
These BLE SDKs are provided by vendors of system-on-a-chip (SoC) chipsets.
They use the BLE SDK provided by the SoC maker to support communications via BLE, a version of the Bluetooth protocol designed to use less enegery in order to minimize battery drainage on mobile and Internet of Things (IoT) devices.
This week, three researchers from the Singapore University of Technology and Design (SUTD) said they’ve spent last year testing BLE SDKs from several vendors of SoC chipsets.
Researchers said they found 12 bugs (aka the SweynTooth vulnerabilities) that impact these BLE SDKs, which they’ve reported privately to the SoC vendors.
This week, they revealed the names of six SoC vendors which have currently released new versions of their BLE SDKs that contain patches against SweynTooth attacks.
“By no means, this list of SoC vendors is exhaustive in terms of being affected by SweynTooth,” the researchers said, adding that new SoC vendors will be added to the list in the future as they release patches.
According to researchers, the vulnerable BLE SDKs have been used in over 480 end-user products.
Furthermore, the list of 480 products is likely to grow as the research team reveals new SoC vendor names in the coming year.
It is currently near impossible to estimate the actual number of devices that run vulnerable BLE implementations, and which are now exposed to one or more of the 12 SweynTooth attacks.
The biggest SweynTooth donwside is that BLE SDK patches provided by the SoC vendors will take a while to make their way downstream to the actual user-owned devices
Read More..
AutoTextExtraction by Working BoT using SmartNews 1.02976805238 Build 26 Aug 2019
-
-
AuthorPosts
- You must be logged in to reply to this topic.