Bastille, the leader in enterprise threat detection through software-defined radio, today announced that Bastille Enterprise can see all the SweynTooth-vulnerable Bluetooth Low Energy devices within an Enterprise.
SWEYNTOOTH OVERVIEW: Three researchers from the Singapore University of Technology and Design (SUTD), Matheus Garbelini, Sudipta Chattopadhyay, and Chundong Wang, made details of the vulnerabilities available last week, following a 90 day waiting period for Responsible Disclosure, having notified impacted manufacturers late last year.
The name “SweynTooth” covers a dozen flaws in the software development kits (SDKs) responsible for supporting BLE communications that are provided by vendors of system-on-a-chip (SoC) chipsets. The vulnerabilities are believed to be on more than 480 different end-user devices. Six of the SoC manufacturers who were notified last year of the vulnerability and have released patches include Texas Instruments, NXP, Cypress, Dialog Semiconductors, Microchip, STMicroelectronics. Most BLE devices will remain unpatched for months or years as the chip manufacturers have to get their patches to the device manufacturers. The device manufacturers have to distribute the firmware updates to their customers. BLE device end-users are notoriously slow to reflash their firmware. There are many other impacted vendors and the researchers say they will release their names when those manufacturers release patches. Researchers also hinted that there are additional attack vectors against Bluetooth Low Energy devices which are still under non-disclosure.
More information about the vulnerabilities, available patches and affected devices can be found on the ASSET Research Group SweynTooth disclosure website.
“The Singapore researchers discovered that the SweynTooth vulnerabilities allow attackers to use radio signals to bypass security, and take control of, or shut down Bluetooth Low Energy devices,” said Chris Risley, CEO at Bastille Networks. “The SweynTooth BLE vulnerability is particularly stealthy because BLE connections are invisible on the Corporate Network. Once the attackers have a compromised device inside your facility they can use it as a beachhead to attack other systems. Devices can be compromised outside the facility, unbeknownst to their users, and then be carried in on the wrists or ears of innocent users.”
Only Bastille Sees Bluetooth Low Energy Devices All The Time, even when they are Paired
Other vendors may claim Bluetooth Low Energy device visibility, but they are only detecting them when the devices are in “advertising mode”. Once the BLE device finds a partner and pairs with it, those devices disappear from the competitors’ screens. Only Bastille continues to locate both ends of the BLE pair throughout the pairing connection.
“Following the announcement of SweynTooth, Enterprise CISOs are asking their security teams to conduct a complete inventory of their airspace to detect and locate ALL the Radio Frequency devices within their enterprise, including Bluetooth Low Energy devices, so they can determine which devices may be affected,” said Bob Baxley, Bastille’s Chief Technical Officer. “Only Bastille can detect and accurately locate every Bluetooth-based device on a floor plan, whether or not it is pairing at the time of the inventory, so that they can be investigated and patched or removed from the environment.”
Bob Baxley added: “SweynTooth, the Phillips Hue vulnerability Zigbee Worm, BleedingBit, BlueBorne, MouseJack, and KeySniffer are all examples of how immature security is for Radio Frequency protocols. Ethernet and IP Protocols have undergone decades of battle-hardening. Even Wi-Fi has been heavily used for 20 years. These protocols had lots of security vulnerabilities when they were young but researchers have discovered those vulnerabilities and most have been patched. Widespread Bluetooth and BLE adoption are more recent and as a result, we’re still discovering very large security holes in those protocols. I have no doubt that similar huge security holes will be discovered in the more than 100 new radio protocols used by IoT devices. Bastille can tell you which devices in your facility–both on and off your network–are susceptible to RF attack. It is critical that CISOs understand their RF attack surface in order to maintain a secure perimeter.”
Bastille Enterprise: Bastille Enterprise is available now. Bastille can be installed to discover devices and networks anywhere from a single meeting room up to hundreds of buildings on a global basis. Bastille provides continuous RF monitoring and protection for an organization’s most valuable assets.
Launched in 2014, Bastille is the leader in enterprise threat detection through software-defined radio. Bastille provides full visibility into the known and unknown mobile, wireless and Internet of Things devices inside an enterprise’s corporate airspace–together known as the Internet of Radios. Through its patented software-defined radio and machine learning technology, Bastille senses, identifies and localizes threats, providing security teams the ability to accurately quantify risk and mitigate airborne threats that could pose a danger to network infrastructure. For more information, visit www.bastille.net and follow them on Twitter @bastillenet and LinkedIn.