Researchers recently uncovered a suite of vulnerabilities (SweynTooth) in implementations of the Bluetooth Low Energy (BLE) protocol that could impact medical devices that use the affected software development kits (SDKs) of system-on-a-chip (SoC) BLE modules.
According to the researchers at the Singapore University of Technology and Design, SweynTooth comprises a family of 12 vulnerabilities (more under non-disclosure) across different BLE software development kits (SDKs) of seven major system-on-a-chip (SoC) vendors. The vulnerabilities expose flaws in specific BLE SoC implementations that allow an attacker in radio range to trigger deadlocks, crashes and buffer overflows, or to completely bypass security.
SweynTooth vulnerabilities have been found in the BLE SDKs sold by major SoC vendors, such as Texas Instruments, NXP, Cypress, Dialog Semiconductor, Microchip, STMicroelectronics, Telink Semiconductor, and others. It is still unknown whether any of these vulnerabilities affect any medical devices (including the newest implantable devices that have direct BLE connectivity with a patient’s cellphone).