Vulnerabilities in Bluetooth Low Energy protocol discovered

Researchers from the Singapore University of Technology and Design recently discovered 12 bugs in certain implementations of the Bluetooth Low Energy (BLE) protocol. The bugs have been grouped together and named “SweynTooth.” They are found in the BLE software development kits that come with certain “System on a Chip” products. Manufacturers often use these off-the-shelf SoC products to speed up IoT design and development, but these vulnerabilities show how important it is to still conduct proper security testing for all components. 

The SweynTooth vulnerabilities have the potential to impact hundreds of Bluetooth devices, but perhaps the most alarming risk pertains to medical devices. Pacemakers, blood glucose monitors, and other medical devices are critical for patient care and safety, making security a particularly important element. 

You can read more about these vulnerabilities here, but we’d also like to share our thoughts on the findings. 

Bluetooth is complex to implement.  As a result, companies tend to use SoC bluetooth devices that already have the Bluetooth protocol stack implemented on them. However, the protocol stacks implemented are often no more than a “reference design” and are not fully hardened in terms of security.  Bringing these protocol stacks into an application, particularly a life-critical application, is not suitable. It would not even meet the strict requirements that such applications must follow. 

When adding any incoming interface to a system, a thorough security and data privacy review should be performed to access the impact of the new interface. In this case, the best way to consider adding Bluetooth support to an application is to keep the Bluetooth SoC and its relevant protocol stack at arms-length in the design. 

A careful review of the design is required to isolate the interface and ensure that data is always encrypted while in transit and at rest. In addition, a worst-case analysis of an attacker gaining complete control over the Bluetooth SoC should have little to no impact on the performance of life-critical or mission-critical tasks—allowing only an inconvenience in data transmission that can be achieved by some other secondary, perhaps less convenient, means. It’s always wise to work with a team that has extensive experience in IoT design and development to make sure your end product is secure.