12 Security Vulnerabilities against Certain Bluetooth IoT Devices

Posting ID 122961
Date Added: 2/13/2020
Date Modified: 2/13/2020
Carlo Castaneda | E-ISAC Staff

Description

Summary

According to theregister.co.uk, researchers at Singapore University disclosed 12 security vulnerabilities affecting certain Bluetooth Low Energy (BLE) software development kits (SDKs) from system-on-a-chip (SoC) vendors. The vulnerabilities may allow attackers to “crash or… bypass pairing security to gain arbitrary read and write access to device functions.” Proof-of-concept code and a video demonstrating the crash of a device (Fitbit) are publicly available.

Analysis

The Register article quoted Matheus E. Garbelini, Sudipta Chattopadhyay, and Chundong Wang with the following statement: "SWEYNTOOTH potentially affects IoT products in appliances such as smart-homes, wearables and environmental tracking or sensing." Their full research paper is linked below.

Patches have been made available for some of the devices that are known to be vulnerable.

The E-ISAC recommends that members evaluate IoT devices in use that are BLE-enabled and may be vulnerable. Below is a list of the CVEs released with the research:

| Vulnerability | CVE(s) | Vendor |
|---|---|---|
| Link Layer Length Overflow | CVE-2019-16336, CVE-2019-17519 | Cypress, NXP |
| LLID Deadlock | CVE-2019-17061, CVE-2019-17060 | Cypress, NXP |
| Truncated L2CAP | CVE-2019-17517 | Dialog |
| Silent Length Overflow | CVE-2019-17518 | Dialog |
| Public Key Crash | CVE-2019-17520 | Texas Instruments |
| Invalid Connection Request | CVE-2019-19193 | Texas Instruments |
| Invalid L2CAP Fragment | CVE-2019-19195 | Microchip |
| Sequential ATT Deadlock | CVE-2019-19192 | STMicroelectronics |
| Key Size Overflow | CVE-2019-19196 | Telink |
| Zero LTK Installation | CVE-2019-19194 | Telink |

For the complete article with additional information, including proof-of-concept code and a video demonstrating the exploitation and crashing of a Fitbit device, please refer to the original article and research paper.

https://www.theregister.co.uk/2020/02/13/dozen_bluetooth_bugs/

https://asset-group.github.io/disclosures/sweyntooth/

https://asset-group.github.io/disclosures/sweyntooth/sweyntooth.pdf

https://youtu.be/Iw8sIBLWE_w

Category Type:
Cyber Security
TLP - White