A dirty dozen of Bluetooth bugs threaten to reboot, freeze, or hack your trendy gizmos from close range

2020-02-13 12:00

A trio of boffins at Singapore University this week disclosed 12 security vulnerabilities affecting the Bluetooth Low Energy SDKs offered by seven system-on-a-chip vendors.

"SWEYNTOOTH potentially affects IoT products in appliances such as smart-homes, wearables and environmental tracking or sensing," explain Matheus E. Garbelini, Sudipta Chattopadhyay, and Chundong Wang, in a research paper [PDF] describing the BLE bugs.

About 480 products use the affected SoCs though not all are necessarily affected.

"VivaCheck Laboratories, which manufactures blood glucose meters, has many products listed to use DA14580," they say in their paper, "Hence all these products are potentially vulnerable to the Truncated L2CAP attack. Even worse, Syqe Medical Ltd. and their programmable drug delivery inhalation platform is affected alongside the latest pacemaker related products from Medtronic Inc.".

August Home Inc and Eve Systems products rely almost entirely on DA14680, which is still unpatched even after a responsive disclosure period of more than 90 days."

News URL

https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/02/13/dozen_bluetooth_bugs/

#bluetooth #hack

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Bluetooth		4	3	10	3	0	16