Hacker News: mendesgeo's comments

12 vulnerabilities were found across different BLE software development kits (SDKs) of six major system-on-a-chip (SoC) vendors. The vulnerabilities expose flaws in specific BLE SoC implementations that allow an attacker in radio range to trigger deadlocks, crashes and buffer overflows or completely bypass security depending on the circumstances.

The researchers also made available the proof of concept code on their GitHub repository: https://github.com/Matheus-Garbelini/sweyntooth_bluetooth_lo...


Hahaha, this is not a backdoor. It's just logical implementation flaws. If Wi-Fi products had good certification, these things wouldn't happen.


Parent didn't say this was a backdoor; just that they "can be compelled" to add one, if requested by the Chinese government in the future.

Sadly this isn't a tin foil hat possibility.


Not unique to Chinese firms either. Sprint resisted blanket surveillance, for a while, and were finally coerced into line. Do you imagine hardware vendors are immune to the same pressure, in the US, Japan, and Europe?


The silicon vendor Espressif has already patched the last firmware (SDK) of such devices. However, other products that use these chips will still have to patch against it.


The beautiful part of IoT is how there's billions of devices out in the wild with no upgrade plan.

The ESP chips are OTA capable with example code provided, but that still means vendors have to incorporate the function, provide a way for the device to check for updates, care enough to produce updates, and secure the upgrade mechanism enough that it's not a worse vulnerability than an unpatched device.


Yes, what was discovered is that no matter what master key was exchanged after the RADIUS authentication, the attacker can still hijack the device.


Multi-physical layer communication protocol also could be the best way to describe it in one word.

