SWEYNTOOTH Bluetooth flaws potentially impacting Medical Devices

Summary:

Health-ISAC published an initial Vulnerability Bulletin regarding SWEYNTOOTH on February 21, 2020 and is providing updated analysis and recommendations in this amended release. Health-ISAC is working closely with many Medical Device Manufacturers (MDMs) who welcome the hard work and diligence by the security researcher community in evaluating embedded systems. Their work makes the healthcare industry more resilient to cybersecurity attacks.

SWEYNTOOTH captures a family of 12 vulnerabilities (more under non-disclosure) across different Bluetooth Low Energy (BLE) software development kits (SDKs) of seven major system-on-a-chip (SoC) vendors. The vulnerabilities expose flaws in specific BLE SoC implementations that allow an attacker within radio range to trigger deadlocks, crashes and buffer overflows or completely bypass security of Bluetooth enabled devices depending on the circumstances.

See full report below:

View PDF

• Related Resources & News
• Potential Terror Threat Targeted at Health Sector – AHA & Health-ISAC Joint Threat Bulletin
• New Cybersecurity Policies Could Protect Patient Health Data
• CyberWire Podcast: PHP flaw sparks global attack wave
• Health-ISAC Hacking Healthcare 3-14-2025
• HSCC Aiming to Identify Healthcare Workflow Chokepoints
• New Healthcare Security Benchmark Highlights Key Investment Priorities and Risks
• Are Efforts to Help Secure Rural Hospitals Doing Any Good?
• CISA cuts $10 million annually from ISAC funding for states amid wider cyber cuts
• 2024 Health-ISAC Discussion Based Exercise Series After-Action Report
• Cobalt Strike takedown effort cuts cracked versions by 80%