
12 New Bluetooth vulnerabilities affecting a massive number of “Smart” products - mendesgeo
https://asset-group.github.io/disclosures/sweyntooth/
======
programd
Also worth noting is the section where they point out the gaps in Bluetooth
specifications regarding error handling, failures of vendors to adhere to the
existing specs, and terrible state of Bluetooth certification which allowed
these stacks to pass muster. Read it and weep.

------
mendesgeo
12 vulnerabilities were found across different BLE software development kits
(SDKs) of six major system-on-a-chip (SoC) vendors. The vulnerabilities expose
flaws in specific BLE SoC implementations that allow an attacker in radio
range to trigger deadlocks, crashes and buffer overflow or completely bypass
security depending on the circumstances.

The researchers also made available the proof of concept code on their GitHub
repository: [https://github.com/Matheus-
Garbelini/sweyntooth_bluetooth_lo...](https://github.com/Matheus-
Garbelini/sweyntooth_bluetooth_low_energy_attacks)

