Sweyntooth Bluetooth Module Vulnerabilities

Sweyntooth is a collection of vulnerabilities that are known to affect several Bluetooth Low Energy (BLE) modules from different manufacturers. This potentially affects IoT products in appliances such as smart-homes, wearables and environmental tracking or sensing, several medical and logistics products could also be affected.

The vulnerabilities are reported to arise from non-conformance to the BLE specification. The most severe vulnerability was found to affect one BLE module and allows an attacker to access an affected device without completing the usual pairing process. The other vulnerabilities can be exploited to cause a denial-of-service (DoS) on a device.

The vulnerabilities can be exploited from within BLE radio range. The product impacts vary depending on how BLE communication is handled and how much operation depends on the affected BLE modules.

The Bluetooth Low Energy (BLE) is a wireless communication technology specially designed to prolong battery life of devices with different power consumption and usage capabilities. BLE consists of a set of many standardised protocols that provide remote connectivity and security between a simple device (peripheral) and the user’s device (central) which is usually a smartphone or a notebook. 

You should seek advice from product vendors about whether your devices are affected and can be updated.

Further information see : https://asset-group.github.io/disclosures/sweyntooth/

CVE Details – For further information :-

• CVE-2019-16336
• CVE-2019-17060
• CVE-2019-17061
• CVE-2019-17517
• CVE-2019-17518
• CVE-2019-17519
• CVE-2019-17520
• CVE-2019-19192
• CVE-2019-19194
• CVE-2019-19195
• CVE-2019-19196