Bluetooth vulnerability, several smartphones put at risk

Computer security researchers at the University of Singapore recently discovered several SweynTooth security vulnerabilities that affect Bluetooth Low Energy technology.

The fact that this latest technology is embedded in several chip systems such as Cypress, Dialog, Microchip, Semiconductors… In all, more than fifteen systems on chips that can easily be found in about 450 products would be affected by the vulnerability. This security flaw was then called SweynTooth.

This article will also interest you: Devices that work with Bluetooth technology would be vulnerable

There is nothing new about this, we know all Bluetooth technologies do not escape a few vulnerabilities here and there. we remember the discovery made by security specialists regarding the CVE-2018-5383 flaw, which could allow computer hacking specialists to not only intercept data exchanges, but also damage them. Some security vulnerabilities have only just been discovered offering the same possibilities.

Regarding the SweynTooth vulnerability, researchers discovered are experts technology and technology University of Singapore and are known as Matheus E. Garbelini, Sudipta Chattopadhyay, Chundong Wang. They managed to lay bare more than a dozen of these. "Vulnerabilities can be used by a attacker that is in the Bluetooth emission field and can make plant the affected devices, force a restart, block them or bypass secure BLE coupling mode and access reserved functions authorized users," bleepingcomputer explains.

Apparently, since the end of 2019, researchers had discovered all of these flaws, but because of the protocol, it took 90 days to make an official publication to announce it. Among these vulnerabilities, "There are Zero LTK Installation (CVE-2019-19194), Link Layer Length Overflow (CVE-2019-16336 , CVE-2019-1751 Link Layer LLID deadlock (CVE-2019-17061 and CVE-2019-17 Truncated L2CAP (CVE-2019-17517 ), Silent Length Overflow (CVE-) 2019-17518 ), Invalid Connection Request (CVE-2019-19193 ), Unexpected Public Key Crash (CVE-2019-17520 ), Sequential ATT Deadlock ( CVE-2019-19192), Invalid L2CAP fragment (CVE-2019-19195) and Key Size Overflow (CVE-2019-19196). »

Hundreds of devices around the world uses these different chips affected by the vulnerabilities mentioned above. Many accessories use it connected watches, home automation management systems…

However, chip manufacturers and other suppliers of devices affected by the security vulnerabilities have not yet made official statements regarding potential security fixes. This could perhaps mean that all devices already in circulation are not only vulnerable, but could have already been victims of the few previously undeclared computer attacks. What would be wise then is to advise users of the tools already in circulation to be very careful about their use. See it will not be available if no security updates are offered until then. In fact, users of the various tools concerned with generality should if possible, and this is important to do security checks of their systems to ensure that there has been no intrusion.

Now access an unlimited number of passwords: