A team of researchers based in Singapore has published a research paper describing a set of vulnerabilities, named SweynTooth, that affect devices using the Bluetooth Low Energy (BLE) protocol.
More specifically, the SweynTooth vulnerabilities affect the software development kits (SDKs) responsible for supporting BLE communication.
These BLE SDKs are provided by the vendors of system-on-a-chip (SoC) chipsets.
Companies that make IoT and smart devices use these SoCs as the base chipset around which they build their devices. They use the BLE SDK provided by the SoC manufacturer to support communication over BLE, a version of the Bluetooth wireless protocol designed to use less power in order to avoid draining the battery on mobile and Internet of Things (IoT) devices.
So far, six suppliers are affected, with more information to follow.
This week, three researchers from the Singapore University of Technology and Design (SUTD) said that last year they tested BLE SDKs from different SoC and chipset vendors.
The researchers said they found 12 bugs (collectively known as SweynTooth) affecting these BLE SDKs, which they reported to the respective SoC providers.
This week, they announced the names of six SoC vendors that have, in the meantime, released new versions of their BLE SDKs containing patches against the SweynTooth attacks.
The vendors are SoC manufacturers such as Texas Instruments, NXP, Cypress, Dialog Semiconductor, Microchip, STMicroelectronics and Telink Semiconductor.
“In any case, this list of SoC vendors is affected by SweynTooth,” said the researchers, adding that new SoC vendors will be added to the list in the future as they release patches.
Which products are affected?
The extent of this vulnerability is enormous. According to the researchers, the vulnerable BLE SDKs were used in more than 480 end-user products.
The product list includes physical-activity tracking bracelets, smart plugs, smart locks, pet trackers, smart home systems, smart lighting, alarm clocks, glucose meters and a variety of other medical and health equipment.
The list is extensive and includes some of the popular brands, such as FitBit, Samsung and Xiaomi.
In addition, the list of 480 products is likely to grow as the research team announces further affected SoC vendors in the years to come.
At the moment, it is almost impossible to estimate the actual number of devices that run the vulnerable BLE SDKs and are now exposed to one or more of the 12 SweynTooth attacks.
What are SweynTooth’s attacks?
According to the research team, the 12 SweynTooth vulnerabilities can be grouped based on the impact of their exploitation.
According to the table below, we have three types of SweynTooth attacks:
- Attacks that can lock devices
- Attacks that reboot devices and force them into a frozen, deadlocked state
- Attacks that can bypass security and allow hackers to take control of devices
The biggest disadvantage of SweynTooth is that the BLE SDK patches provided by SoC vendors will take a while to reach the devices owned by users.
The patches provided by the SoC vendor must first reach the device manufacturer, which then needs to deliver them to the devices via a firmware update. Since some manufacturers sell white-labeled products that are shipped under a different brand, it can take a while for the patches to reach the user, if they are not lost or seriously delayed in a complicated supply chain.
The better news about SweynTooth is that exploiting any of these vulnerabilities requires the attacker to be in physical proximity to the device, within BLE range, which is usually quite small, rather than reaching it over the Internet.
For more information on the SweynTooth vulnerabilities, see the white paper entitled “SweynTooth: Unleashing Mayhem over Bluetooth Low Energy” and this website.