Internet-of-Things (IoT) devices like smart home locks depend largely on Bluetooth low energy (BLE) technology to function and connect across other devices with reduced energy consumption.

It is no secret as these devices get more prevalent with increasing levels of connectivity, the need for strengthened security in IoT has also become vital.

Along those lines, a new tool ended up designed and implemented called the Greyhound framework, which can discover SweynTooth, a critical set of 11 cyber vulnerabilities. The tool ended up discovered by a research team, led by Assistant Professor Sudipta Chattopadhyay from the Singapore University of Technology and Design (SUTD), with team members from SUTD and the Institute for Infocomm Research (I2R).

Security lapses ended up found where they truly affect devices by causing them to crash, reboot or bypass security features. At least 12 BLE based devices from eight vendors suffered from the issues, including a few hundred types of IoT products including pacemakers, wearable fitness trackers and home security locks.

The SweynTooth code has since been made available to the public and several IoT product manufacturers have used it to find security issues in their products. In Singapore alone, 32 medical devices reported to be affected by SweynTooth and 90 percent of these device manufacturers have since implemented preventive measures against this set of cyber vulnerabilities.

Schneider Bold

Regulatory agencies including the Cyber Security Agency and the Health Sciences Authority in Singapore as well as the Department of Homeland Security and the Food and Drug Administration in the United States reached out to the research team to further understand the impact of these vulnerabilities.

These agencies have also raised public alerts to inform medical device manufacturers, healthcare institutions and end users on the potential security breach and disruptions. The research team continues to keep them updated on their research findings and assessments.

Beyond Bluetooth technology, the research team designed the Greyhound framework using a modular approach so it could easily end up adapted for new wireless protocols.

A tool called the Greyhound framework ended up created to discover SweynTooth, a critical set of 11 cyber vulnerabilities.
Source: SUTD

This allowed the team to test it across the diverse set of protocols that IoTs frequently employ. This automated framework also paves new avenues in the testing security of more complex protocols and IoTs in next-generation wireless protocol implementations such as 5G and NarrowBand-IoT which require rigorous and systematic security testing.

“As we are transitioning toward a smart nation, more of such vulnerabilities could appear in the future. We need to start rethinking the device manufacturing design process so that there is limited reliance on communication modules such as Bluetooth to ensure a better and more secure smart nation by design,” Chattopadhyay said.


Pin It on Pinterest

Share This