Zephyr OS Bluetooth vulnerabilities left smart devices open to attack

guest · Jun 22, 2021

Zephyr OS Bluetooth vulnerabilities left smart devices open to attack
June 22, 2021
https://www.theregister.com/2021/06/22/zephyr_os_bluetooth_vulnerabilities/

Vulnerabilities in the Zephyr real-time operating system's Bluetooth stack have been identified, leaving a wide variety of Internet of Things devices open to attack – unless upgraded to a patched version of the OS.

A security advisory released by Synopsys this afternoon highlights eight key vulnerabilities in Zephyr's Bluetooth Low Energy (BLE) software stack. The least serious of these can lead to a denial-of-service attack by deadlocking the target device; the most serious allow for information leakage or, potentially, remote code execution.
Click to expand...

The vulnerabilities, discovered through use of Synopsys's Defensics fuzzing software, are exploitable when the devices are in advertising mode and accepting connections from remote devices – putting a wide range of gadgets at risk.

"Devices like smart watches, fitness trackers, or medical sensors (e.g., continuous glucose monitoring sensors) are in a peripheral role and in advertising mode to make it possible for phones to connect," Matias Karhumaa, senior software engineer at the Synopsys Cybersecurity Research Centre, told The Register.
Click to expand...

Synopsys: CyRC Vulnerability Advisory: Denial-of-service vulnerabilities in Zephyr Bluetooth LE stack

Eight vulnerabilities were discovered in Zephyr’s Bluetooth LE Stack using Defensics Bluetooth LE fuzzing solution.
Click to expand...

Log in or Sign up

Zephyr OS Bluetooth vulnerabilities left smart devices open to attack

guest Guest

Log in or Sign up

Zephyr OS Bluetooth vulnerabilities left smart devices open to attack

guest Guest

Useful Searches