Security News > 2020 > February > A dirty dozen of Bluetooth bugs threaten to reboot, freeze, or hack your trendy gizmos from close range

A dirty dozen of Bluetooth bugs threaten to reboot, freeze, or hack your trendy gizmos from close range
2020-02-13 12:00

A trio of boffins at Singapore University this week disclosed 12 security vulnerabilities affecting the Bluetooth Low Energy SDKs offered by seven system-on-a-chip vendors.

"SWEYNTOOTH potentially affects IoT products in appliances such as smart-homes, wearables and environmental tracking or sensing," explain Matheus E. Garbelini, Sudipta Chattopadhyay, and Chundong Wang, in a research paper [PDF] describing the BLE bugs.

About 480 products use the affected SoCs though not all are necessarily affected.

"VivaCheck Laboratories, which manufactures blood glucose meters, has many products listed to use DA14580," they say in their paper, "Hence all these products are potentially vulnerable to the Truncated L2CAP attack. Even worse, Syqe Medical Ltd. and their programmable drug delivery inhalation platform is affected alongside the latest pacemaker related products from Medtronic Inc.".

August Home Inc and Eve Systems products rely almost entirely on DA14680, which is still unpatched even after a responsive disclosure period of more than 90 days."


News URL

https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/02/13/dozen_bluetooth_bugs/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Bluetooth 4 0 9 7 0 16