PRODUCT SECURITY BULLETIN: "SweynTooth" BLE

Publication Date: 03/30/2020
Last Updated: 08/10/2020

Abbott is proactively monitoring developments related to the recently identified vulnerabilities in third-party Bluetooth Low Energy (BLE) components, commonly referred to as “SweynTooth”. According to published reports, including the CISA Alert1, the vulnerabilities expose flaws in specific BLE components from multiple chip manufacturers that could allow an unauthorized user to interrupt BLE communication or bypass security.

Most Abbott products are unaffected by this advisory. For those products that do use the impacted BLE implementations, Abbott has thoroughly performed testing to determine whether there could be any potential impact on product performance and safety as a result of these vulnerabilities.

Abbott’s product security and quality teams are working closely with our chip suppliers to determine if any other devices that use BLE components similar to those named in the advisory could be affected. There are currently no known exploits of Abbott products related to SweynTooth.

Affected Products

Abbott is providing the list below to assist customers in identifying Abbott products that use BLE components potentially vulnerable to SweynTooth. The list below is subject to change based on updated information2 related to impacted BLE components, BLE manufacturer actions and additional product evaluation.

 

Product

Impact

Remediation

Confirm RxTM

Abbott has confirmed that Confirm RxTM is using one of the SweynTooth vulnerable components.

The vulnerability, if exploited, may temporarily interfere with the connection between Confirm Rx and the MyMerlin patient App or the Merlin PCS programmer.

No risk of patient impact: Abbott’s product is designed to automatically restore BLE communication if it is disrupted, and a temporary disruption in BLE communication does not impact the device’s ability to monitor for arrythmias.

There are no safety issues associated with the Confirm Rx device and no intervention is required.

Additional Information

Customers interested in additional information regarding patches, procedures or configuration changes on any Abbott products should contact their Abbott assigned account or customer support representative.

Abbott is committed to ensuring the safety and security our products. For more information on Abbott’s product cybersecurity program here.

 

References
1. Cybersecurity and Infrastructure Security Agency (CISA), ICS Alert (ICS-ALERT-20-063-01) SweynTooth Vulnerabilities. Accessed March 12, 2020, https://www.us-cert.gov/ics/alerts/ics-alert-20-063-01
2. Asset Research Group: SweynTooth, July 14, 2020 Update - https://asset-group.github.io/disclosures/sweyntooth/

 

true
accessibility

You are about to exit for another Abbott country or region specific website

Please be aware that the website you have requested is intended for the residents of a particular country or region, as noted on that site. As a result, the site may contain information on pharmaceuticals, medical devices and other products or uses of those products that are not approved in other countries or regions.


The website you have requested also may not be optimized for your specific screen size.

Do you wish to continue and exit this website?

accessibility

You are about to exit the Abbott family of websites for a 3rd party website

Links which take you out of Abbott worldwide websites are not under the control of Abbott, and Abbott is not responsible for the contents of any such site or any further links from such site. Abbott is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement of the linked site by Abbott.


The website that you have requested also may not be optimized for your screen size.

Do you wish to continue and exit this website?