:::: MENU ::::

Bluetooth 보안 문제 – SweynTooth

블루투스 소프트웨어 스텍에서 발견된 문제들. 다수의 칩 벤더들의 SDK에 문제(deadlocks, crashes and buffer overflows or completely bypass security)가 있어서 패치가 제공되었다.

Table 1: Vulnerabilities type and affected vendors




Type
Vulnerability Name
Affected Vendors
CVE




Crash
Link Layer Length Overflow
Cypress
CVE-2019-16336 (6.1)
NXP
CVE-2019-17519 (6.1)



Truncated L2CAP Dialog Semiconductors CVE-2019-17517 (6.3)



Silent Length Overflow Dialog Semiconductors CVE-2019-17518 (6.4)



Public Key Crash Texas Instruments CVE-2019-17520 (6.6)



Invalid L2CAP Fragment Microchip CVE-2019-19195 (6.8)



Key Size Overflow Telink Semiconductor CVE-2019-19196 (6.9)




Deadlock
LLID Deadlock
Cypress
CVE-2019-17061 (6.2)
NXP
CVE-2019-17060 (6.2)



Sequential ATT Deadlock STMicroelectronics CVE-2019-19192 (6.7)



Invalid Connection Request Texas Instruments CVE-2019-19193 (6.5)




Security Bypass Zero LTK Installation Telink Semiconductor CVE-2019-19194 (6.10)



Table 2: Vulnerabilities and SDK versions of the affected SoCs.* indicates extra affected SoCs reported by the vendor not tracked by our team.





Vuln.
SoC Vendor
SoC Model
SDK Ver.
Qualification ID(s)





BLE Version 5.0/5.1
6.1,6.2 Cypress (PSoC 6) CYBLE-416045 2.10 99158
6.5,6.6 Texas Instruments CC2640R2 3.30.00.20 94079
6.9,6.10 Telink TLSR8258 3.4.0 92269, 136037
6.7 STMicroelectronics WB55 1.3.0 111668
6.7 STMicroelectroncis BlueNRG-2 3.1.0 87428, 106700, 94075
6.4 Dialog DA1469X* 10.0.6 100899
6.3 Dialog DA14585/6* 6.0.12.1020 91436





BLE Version 4.2
6.1,6.2 Cypress (PSoC 4) CYBL11573 3.60 62243, 136808, 79697, 82951, 79480
6.1,6.2 NXP KW41Z 2.2.1 84040
6.4 Dialog DA14680 1.0.14.X 87407, 84084, 71309, 75255





BLE Version 4.1
6.5 Texas Instruments CC2540 1.5.0 23454, 127418
6.3 Dialog DA14580 5.0.4 83573
6.8 Microchip ATSAMB11 6.2 73346





2.1 Attacks on IoT

Table 3: Products verified to be vulnerable





Product
Category
BLE SoC
Vulnerability
Impact





Eve Energy Smart Home
DA14680
(6.4) Silent Length Overflow
Crash
August Smart Lock Smart Home
DA14680
(6.4) Silent Length Overflow
Crash





Fitbit Inspire
Wearables
CY8C68237
(6.1) LL Length Overflow
Crash
(6.2) LLID Deadlock
Crash





CubiTag Gadget Tracking CC2640R2
(6.6) Public Key Crash
Deadlock





eGeeTouch TSA Lock Security CC2540
(6.5) Invalid Connection Request
Deadlock





문제가 있는 제품들

출처: https://asset-group.github.io/disclosures/sweyntooth/