Security News

A team of cybersecurity researchers late last week disclosed the existence of 12 potentially severe security vulnerabilities, collectively named 'SweynTooth,' affecting millions of Bluetooth-enabled wireless smart devices worldwide-and worryingly, a few of which haven't yet been patched. All SweynTooth flaws basically reside in the way software development kits used by multiple system-on-a-chip have implemented Bluetooth Low Energy wireless communication technology-powering at least 480 distinct products from several vendors including Samsung, FitBit and Xiaomi.

Nine of the ten bugs can so far only be exploited to force an affected device either to reboot or to hang; only one can potentially be abused by crooks to access your device without needing you to let them pair with it first. The other bugs are somewhat milder - at the moment, all the researchers have been able to do with them is reboot or freeze a device.

"The exploitation of the vulnerabilities translates to dangerous attack vectors against many IoT products released in 2018-2019. At first glance, most of the vulnerabilities affect product's availability by allowing them to be remotely restarted, deadlocked or having their security bypassed," the whitepaper reads. A search on the Bluetooth Listing Search site returns around 480 product listings that employ the affected SoCs, each listing containing multiple products from the same vendor.

A trio of boffins at Singapore University this week disclosed 12 security vulnerabilities affecting the Bluetooth Low Energy SDKs offered by seven system-on-a-chip vendors. "SWEYNTOOTH potentially affects IoT products in appliances such as smart-homes, wearables and environmental tracking or sensing," explain Matheus E. Garbelini, Sudipta Chattopadhyay, and Chundong Wang, in a research paper [PDF] describing the BLE bugs.

A critical vulnerability in the Bluetooth implementation on Android devices could allow attackers to launch remote code execution attacks - without any user interaction. Researchers on Thursday revealed further details behind the critical Android flaw, which was patched earlier this week as part of Google's February Android Security Bulletin.

One of the security flaws that Google addressed with the February 2020 set of Android patches is a critical vulnerability in Bluetooth that could lead to code execution. While no user interaction is required for the attack to be successful, the adversary needs to know the target device's Bluetooth MAC address and Bluetooth has to be enabled.

Google has posted the February security updates for Android, including for a potentially serious remote code execution flaw in Bluetooth. Designated CVE-2020-0022, the flaw was discovered and reported by researchers with German company ERNW who say a fix has been in the works since November.

Tiny hidden spy cameras are a common sight at ATMs that have been tampered with by crooks who specialize in retrofitting the machines with card skimmers. But until this past week I'd never heard...

Mobile apps that work with Bluetooth devices have an inherent design flaw that makes them vulnerable to hacking, a research has found. Where is the issue? The problem lies in the way Bluetooth Low...

Spec design flaw stiffs security of gizmos Roundup Let's run through all the bits and bytes of security news beyond what we've already covered. Also, don't forget our articles from this year's...