A team of academics from Singapore has published a research paper presenting a collection of vulnerabilities called SweynTooth that affects devices running the Bluetooth Low Energy (BLE) protocol.
To be specific, the SweynTooth vulnerabilities affect the software development kits (SDKs) responsible for supporting BLE communications. These BLE SDKs are provided by vendors of system-on-a-chip (SoC) chipsets.
These SoCs are purchased by companies that manufacture IoT or smart devices, which use them as the base chipset around which they build their products. The device makers rely on the BLE SDK provided by the SoC maker to support communications via BLE, a version of the Bluetooth protocol designed to use less energy and so reduce battery drain on mobile and Internet of Things (IoT) devices.
Three researchers from the Singapore University of Technology and Design (SUTD) stated that they conducted various tests of BLE SDKs from several vendors of SoC chipsets.
They discovered 12 bugs (aka the SweynTooth vulnerabilities) that impact these BLE SDKs and reported them to the SoC vendors privately.
The researchers revealed the names of six SoC vendors who have released new versions of their BLE SDKs with patches against SweynTooth attacks.
The list includes SoC makers like Texas Instruments, NXP, Cypress, Dialog Semiconductor, Microchip, STMicroelectronics, and Telink Semiconductor.
More SoC vendors will be added to the list when they release patches.
The reach of these vulnerabilities is very large: the researchers state that the BLE SDKs have been used in more than 480 end-user products. That number is likely to increase when new SoC vendor names are revealed.
It includes products like fitness tracking bracelets, smart plugs, smart door locks, smart locks, pet trackers, smart home systems, smart lighting solutions, alarm clocks, glucose meters, and many other wearables and medical devices.
The list even includes some famous brands like Fitbit, Samsung, and Xiaomi.
It is, however, not possible to calculate the actual number of devices that run vulnerable BLE implementations.
The 12 SweynTooth vulnerabilities can be categorized by the effect of their exploitation. They fall into three types of SweynTooth attacks, namely:
Attacks that crash devices
Attacks that reboot devices and force them into a frozen (deadlocked) state
Attacks that bypass security features and allow hackers to take control of devices
The main problem with SweynTooth is that the patches provided by the SoC vendors will take time to reach the actual user-owned devices. The patches have to reach the device manufacturers first, who then deliver them to devices through a firmware update. Some device manufacturers sell white-labeled products that are sold with a different brand on the case. So, it may take time for the patches to reach users.
The one mitigating factor with SweynTooth is that these vulnerabilities cannot be exploited over the internet: the attacker has to be in physical proximity to the device, within its BLE range, which is usually very short.