Take a Bite Out of Sweyn

If you work in the healthcare industry, you may have heard about a family of vulnerabilities called “SweynTooth.” Researchers from Singapore first discovered the vulnerabilities in 2019. After waiting 90 days to announce them, which is part of the responsible disclosure process, they published a technical paper. If you are not familiar with the SweynTooth family, you should still be aware of it considering the flaws could enable attackers to compromise some medical internet of things (IoT) devices that are being used in hospitals today (i.e., blood glucose meters, inhalers and certain pacemakers).


While the affected devices use Bluetooth Low Energy, the SweynTooth vulnerabilities do not stem from the Bluetooth chips themselves. They arise from flaws in the software development kit used during the manufacturing phase. Software development kits guide engineers as they build devices. For example, the kits explain how to integrate chips into the device. In the case of SweynTooth, the vulnerabilities are in the software libraries that come with the kit.


Hospitals and their patients are the main SweynTooth victims. Neither party has visibility into whether vulnerabilities were introduced during the manufacturing process. Fortunately, in this case, the vulnerabilities are fixable and, in most circumstances, are not life-threatening.


A Deeper Look at SweynTooth


To learn more about the potential impact of SweynTooth and what hospitals should be doing to prevent a compromise, I spoke with our X-Force Red Hacking Chief Technology Officer Steve Ocepek and physician and Director of Cybersecurity Advisory Services at The AbedGraham Group, Dr. Saif Abed. Steve and ..
