PLEASE ROTATE ME
March 11, 2020
A group of vulnerabilities in Bluetooth Low Energy (BLE) software development kits (SDK) has recently attracted the attention of Bluetooth developers. Collectively known as SweynTooth, these vulnerabilities can be used to compromise various smart devices.
First brought to light by Singapore University of Technology and Design’s (SUTD) Matheus E. Garbelini, Sudipta Chattopadhyay, and Chundong Wang, SweynTooth enables hackers to crash affected devices, force devices to deadlock or restart, or bypass BLE’s secure pairing mode to access functions reserved for authenticated users. SweynTooth may affect wearables, IoT products in smart homes, and devices designed for environmental tracking or sensing. Several medical and logistics products have been identified as likely to be vulnerable, as well.
Even though we now understand the underlying principles of the SweynTooth vulnerabilities, it is fair to ask, “Are my products at risk if they are built on Telink BLE chips?” According to a test list published by the SUTD researchers (see below), as long as your devices are using the listed SDK versions (or later SDK versions), they will not be vulnerable to SweynTooth.
Table credit: SUTD researchers via GitHub
If your products are using an SDK version that is earlier than the listed version, it is recommended that you perform a thorough vulnerability assessment on each product. If necessary, you can address any vulnerabilities you identify through over-the-air (OTA) updates (or a number of other methods).
Fortunately, not only do all major Telink BLE chips on the market have built-in Flash and support OTA updates, but Telink has integrated mature, stable OTA codes into all our SDKs, meaning Bluetooth developers can use them with full confidence.
Telink recognizes that security is of the utmost importance when it comes to IoT products. We are also committed to delivering extensive chip design capabilities and a rich chip design experience, and are an industry leader in the research and development of multi-mode IoT chips. Accordingly, we will continue to provide customers with IoT chips that are high-performing, secure, and reliable, helping companies quickly launch new products and establish long-term, mutually beneficial cooperative relationships with their own customers.