Cybersecurity researchers discovered 12 potential security vulnerabilities that are considered severe last week. These vulnerabilities, which are identified as “SweynTooth” collectively, impact millions of Bluetooth-enabled wireless smart devices worldwide. In addition, not all of these vulnerabilities are patched. Affected products include consumer electronics, smart home devices, wearables, and electronics used in the logistics and healthcare industry. According to researchers, with these vulnerabilities, hackers who are physically closed to the victim devices can trigger deadlocks, crashes, and even bypass security in Bluetooth Low Energy (BLE) products to read or write access remotely. Here is the brief information regarding all 12 SweynTooth Vulnerabilities:
- Link Layer Length Overflow (CVE-2019-16336, CVE-2019-17519), which allows attackers in radio range to trigger a buffer overflow by manipulating the LL Length Field, primarily leading to a denial of service attacks.
- Link Layer LLID deadlock (CVE-2019-17061, CVE-2019-17060), which triggers deadlock state when a device receives a packet with the LLID field cleared.
- Truncated L2CAP (CVE-2019-17517), which causes a denial of service and crash of the device. This flaw results due to a lack of checks while processing an L2CAP packet.
- Silent Length Overflow (CVE-2019-17518), which causes the peripheral crashes as this is a buffer overflow occurs when a certain packet payload with higher than expected LL Length is sent.
- Invalid Connection Request (CVE-2019-19195), which leads to Deadlock state when devices do not properly handle some connection parameters while the central attempts a connection to the peripheral.
- Unexpected Public Key Crash (CVE-2019-17520), which is present in the implementation of the legacy pairing procedure handled by the Secure Manager Protocol (SMP) implementation and can be used to perform DoS and possibly restart products.
- Sequential ATT Deadlock (CVE-2019-19192), which lets attackers deadlock the peripheral by sending just two consecutive ATT request packets in each connection event.
- Invalid L2CAP fragment (CVE-2019-19195), which can lead to deadlock behavior with improper handling of the PDU size of the packets.
- Key Size Overflow (CVE-2019-19196), which can result in a crash since this overflow in the device memory issue is a combination of multiple bugs found during the pairing procedure of devices.
- Zero LTK Installation (CVE-2019-19194), which affects all products using Telink SMP implementation with support for secure connection enabled. This critical vulnerability is a variation of one of the Key Size Overflow.\
Contact LIFARS Immediately for
Your Cybersecurity Mitigation Plans
Credits:
https://thehackernews.com/2020/02/hacking-bluetooth-vulnerabilities.html