Cybersecurity researchers have shared details about eight vulnerabilities in the Bluetooth Low Energy (BLE) software stack of the open source real-time Zephyr OS.
Developed under the aegis of the Linux Foundation, Zephyr started at Wind River before it was acquired by Intel and eventually open sourced. The OS supports over 200 boards and counts the likes of Intel, Linaro, Texas Instruments, Nordic Semiconductor, Bose, Facebook, Google, and others as members, many of whom have devices that run Zephyr.
Security vendor Synopsys, who discovered the vulnerabilities, divides the flaws into three high-level categories. Some of the vulnerabilities can lead to remote code execution, while others could be exploited to grab confidential information like encryption keys.
“All the reported vulnerabilities can be triggered from within the range of Bluetooth LE. Triggering the vulnerability does not require authentication or encryption,” writes Synopsys in its advisory.
Connect to exploit
Synopsys notes that the only requirement for the exploitation of the vulnerabilities is for a Zephyr-powered device to be in advertising mode and accepting connections.
Speaking to The Register, Matias Karhumaa, senior software engineer at the Synopsys Cybersecurity Research Centre, shared that Bluetooth devices like smartwatches, fitness trackers, and medical devices like continuous glucose monitoring sensors operate in the advertising mode so that external devices can connect to them.
Just last month, researchers at the French National Agency for the Security of Information Systems (ANSSI) identified a number of vulnerabilities in two critical Bluetooth services that could’ve been exploited to allow attackers to hijack a pairing request in order to conduct Man-in-the-Middle (MitM) attacks.
When questioned about the exploitability of the Zephyr Bluetooth vulnerabilities, Karhumaa shared that he believes businesses shouldn’t spend time trying to figure out whether a vulnerability is exploitable in the real world, and should rather work “to make it easy to identify, reproduce, and resolve the bugs regardless of their exploitability.”
According to Synopsys’ advisory, the vulnerabilities were shared back in March 2021 with Zephyr, which started fixing them immediately, culminating in the Zephyr 2.6.0 release earlier in June with patches for all the reported vulnerabilities.