BlueBorne Attack Vector
BlueBorne is a recently published attack vector that exploits security gaps in host Bluetooth stacks, reachable over Bluetooth Classic (BR/EDR) connections, and can be used to execute malicious code on affected devices. More details about the specific vulnerabilities can be found below.
Effect on Microchip Products:
Products that have no vulnerabilities:
- The recommended fix is to patch the host layers that the attack uses (the operating system's Bluetooth stack); the module firmware is not the affected component.
- On the host BT stack, keep the device in the idle state: never enable page scan or inquiry scan, and never initiate a Bluetooth connection, since either would put the device into the Page or Inquiry states. A device that never enters those states accepts no incoming and makes no outgoing Bluetooth Classic links, so the vulnerable host code is never reachable over the air.
- A new firmware release (15.01) is planned that will disable Bluetooth Classic operation and so ensure these vulnerabilities cannot be exploited. Estimated date: 01/2018.
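The "keep the device idle" mitigation above can be enforced on the host side rather than relying on application code never to misbehave. The following is an added example, not Microchip firmware or driver code: a small filter that a host places in front of its HCI transport to the module. It assumes an H4 (UART) HCI command format, where a command is `0x01 | opcode (2 bytes, little-endian) | parameter length | parameters` and `opcode = (OGF << 10) | OCF` as defined in the Bluetooth Core Specification; the sample packets it checks are constructed inline.

```python
"""Host-side HCI command filter that keeps a Bluetooth Classic controller idle.

Added example (not Microchip code). It assumes an H4 HCI transport:
    0x01 | opcode (2 bytes LE) | parameter total length (1 byte) | parameters
with opcode = (OGF << 10) | OCF per the Bluetooth Core Specification, Vol 4, Part E.
"""
import struct

HCI_COMMAND_PKT = 0x01


def opcode(ogf, ocf):
    """Combine an opcode group field and opcode command field into an HCI opcode."""
    return (ogf << 10) | ocf


OGF_LINK_CONTROL = 0x01
OGF_CONTROLLER_BASEBAND = 0x03

# Commands that move the controller into the Inquiry or Page states.
OP_INQUIRY = opcode(OGF_LINK_CONTROL, 0x0001)
OP_PERIODIC_INQUIRY = opcode(OGF_LINK_CONTROL, 0x0003)
OP_CREATE_CONNECTION = opcode(OGF_LINK_CONTROL, 0x0005)
OP_ACCEPT_CONNECTION = opcode(OGF_LINK_CONTROL, 0x0009)
# Controls inquiry scan (bit 0) and page scan (bit 1).
OP_WRITE_SCAN_ENABLE = opcode(OGF_CONTROLLER_BASEBAND, 0x001A)
OP_RESET = opcode(OGF_CONTROLLER_BASEBAND, 0x0003)

SCAN_DISABLED = 0x00  # neither inquiry scan nor page scan


def build_command(op, params=b""):
    """Serialise an HCI command packet for the H4 transport."""
    return struct.pack("<BHB", HCI_COMMAND_PKT, op, len(params)) + params


def parse_command(pkt):
    """Split an H4 command packet into (opcode, parameters), validating its framing."""
    if len(pkt) < 4 or pkt[0] != HCI_COMMAND_PKT:
        raise ValueError("not an HCI command packet")
    _, op, plen = struct.unpack("<BHB", pkt[:4])
    params = pkt[4:]
    if len(params) != plen:
        raise ValueError("parameter length mismatch")
    return op, params


def idle_policy_allows(pkt):
    """Return (allowed, reason) for a command under the 'stay idle' policy."""
    op, params = parse_command(pkt)
    if op in (OP_INQUIRY, OP_PERIODIC_INQUIRY):
        return False, "inquiry puts the controller into the Inquiry state"
    if op in (OP_CREATE_CONNECTION, OP_ACCEPT_CONNECTION):
        return False, "connection setup puts the controller into the Page state"
    if op == OP_WRITE_SCAN_ENABLE and params and params[0] != SCAN_DISABLED:
        return False, "scan_enable 0x%02x would make the device discoverable or connectable" % params[0]
    return True, "ok"


def idle_command():
    """The one scan command the policy allows: disable both inquiry and page scan."""
    return build_command(OP_WRITE_SCAN_ENABLE, bytes([SCAN_DISABLED]))


if __name__ == "__main__":
    # Constructed sample traffic: the standard GIAC inquiry (LAP 0x9E8B33, 8 x 1.28 s, no limit).
    samples = [
        build_command(OP_RESET),
        idle_command(),
        build_command(OP_WRITE_SCAN_ENABLE, bytes([0x03])),
        build_command(OP_INQUIRY, bytes([0x33, 0x8B, 0x9E, 0x08, 0x00])),
    ]
    for pkt in samples:
        print(pkt.hex(), idle_policy_allows(pkt))
```

The filter sits between the application and the transport; anything it refuses is dropped before it reaches the module, so no code path in the host can make the device discoverable, connectable or an initiator.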
BlueBorne targets vulnerabilities in host Bluetooth stack implementations, in particular Android's BlueDroid stack and the Linux kernel and BlueZ stack, which allow RCE (Remote Code Execution) on the host inside a highly privileged process and/or kernel space. The BlueBorne attack vector exploits the following eight vulnerabilities in host Bluetooth stack implementations and is not related in any way to the Microchip Bluetooth device firmware or driver implementation.
- Linux kernel RCE vulnerability (CVE-2017-1000251)
- Linux Bluetooth stack (BlueZ) information leak vulnerability (CVE-2017-1000250)
- Android information leak vulnerability (CVE-2017-0785)
- Android RCE vulnerability #1 (CVE-2017-0781)
- Android RCE vulnerability #2 (CVE-2017-0782)
- The "Bluetooth Pineapple" in Android, a logical flaw enabling man-in-the-middle attacks (CVE-2017-0783)
- The "Bluetooth Pineapple" in Windows, a logical flaw enabling man-in-the-middle attacks (CVE-2017-8628)
- Apple Low Energy Audio Protocol (LEAP) RCE vulnerability (CVE-2017-14315)
- The correct and recommended fix for this attack is to patch the host layers that the attack targets, i.e. the operating system's Bluetooth stack.
- SMP (Security Manager Protocol): exposed services can restrict their features to fully paired and authenticated devices. 'Just Works' pairing is unavoidable for devices with no I/O capability, but it leaves the peer marked as unauthenticated, so access to features that require authentication must be refused on such a link. Service implementers should check the access permissions required by each feature rather than assume that a paired device is a trusted one.
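What the SMP point above means in practice is easiest to see by walking through pairing. The following is an added example, not Microchip code: it selects the association model from the two devices' IO capabilities and MITM flags following the table in the Bluetooth Core Specification (Vol 3, Part H, 2.3.5.1, OOB data ignored), maps the outcome to an LE security mode 1 level, and then applies a GATT server's permission check, which answers with ATT error Insufficient Authentication (0x05) or Insufficient Encryption (0x0F). The device names, the characteristic table and the `demo` helper are constructed for illustration, and `check_access` is a simplified version of the rule a real GATT server applies.

```python
"""Pairing method, resulting link security, and service access checks.

Added example, not Microchip code. Association-model selection follows the
IO-capability table in the Bluetooth Core Specification (Vol 3, Part H,
2.3.5.1); security levels are LE security mode 1 levels (Vol 3, Part C, 10.2).
The characteristic table and demo() are constructed for the illustration.
"""
from enum import Enum


class IoCap(Enum):
    DISPLAY_ONLY = 0x00
    DISPLAY_YES_NO = 0x01
    KEYBOARD_ONLY = 0x02
    NO_INPUT_NO_OUTPUT = 0x03
    KEYBOARD_DISPLAY = 0x04


JUST_WORKS = "Just Works"
PASSKEY_ENTRY = "Passkey Entry"
NUMERIC_COMPARISON = "Numeric Comparison"

LEVEL_NO_SECURITY = 1
LEVEL_UNAUTHENTICATED = 2   # encrypted, but the peer's identity was never verified
LEVEL_AUTHENTICATED = 3     # MITM-protected legacy pairing
LEVEL_AUTHENTICATED_SC = 4  # MITM-protected LE Secure Connections pairing

ATT_SUCCESS = 0x00
ATT_INSUFFICIENT_AUTHENTICATION = 0x05
ATT_INSUFFICIENT_ENCRYPTION = 0x0F


def association_model(init_io, resp_io, init_mitm, resp_mitm, secure_connections=False):
    """Pick the pairing method the two devices will use (OOB data not modelled)."""
    # If neither side asks for MITM protection, IO capabilities are ignored.
    if not (init_mitm or resp_mitm):
        return JUST_WORKS
    # A device with no input and no output can neither show nor enter a passkey.
    if IoCap.NO_INPUT_NO_OUTPUT in (init_io, resp_io):
        return JUST_WORKS
    caps = {init_io, resp_io}
    # Display-only combinations cannot take input; two DisplayYesNo devices
    # can confirm a number, but only under Secure Connections.
    if caps <= {IoCap.DISPLAY_ONLY, IoCap.DISPLAY_YES_NO}:
        if secure_connections and caps == {IoCap.DISPLAY_YES_NO}:
            return NUMERIC_COMPARISON
        return JUST_WORKS
    if secure_connections and caps <= {IoCap.DISPLAY_YES_NO, IoCap.KEYBOARD_DISPLAY}:
        return NUMERIC_COMPARISON
    return PASSKEY_ENTRY


def link_security_level(model, secure_connections=False):
    """Security level of an encrypted link after pairing with the given model."""
    if model == JUST_WORKS:
        return LEVEL_UNAUTHENTICATED
    return LEVEL_AUTHENTICATED_SC if secure_connections else LEVEL_AUTHENTICATED


def check_access(required_level, link_level):
    """Simplified GATT permission check; returns an ATT error code (0x00 = allowed)."""
    if required_level >= LEVEL_AUTHENTICATED and link_level < LEVEL_AUTHENTICATED:
        return ATT_INSUFFICIENT_AUTHENTICATION
    if required_level >= LEVEL_UNAUTHENTICATED and link_level < LEVEL_UNAUTHENTICATED:
        return ATT_INSUFFICIENT_ENCRYPTION
    return ATT_SUCCESS


# Constructed characteristic table: the security level each feature demands.
CHARACTERISTICS = {
    "battery_level": LEVEL_NO_SECURITY,
    "sensor_reading": LEVEL_UNAUTHENTICATED,
    "firmware_update": LEVEL_AUTHENTICATED,
}


def demo(peer_io, peer_mitm, local_io=IoCap.NO_INPUT_NO_OUTPUT, secure_connections=False):
    """Pair a headless (NoInputNoOutput) device with a peer and evaluate every feature."""
    model = association_model(peer_io, local_io, peer_mitm, True, secure_connections)
    level = link_security_level(model, secure_connections)
    return model, {name: check_access(req, level) for name, req in CHARACTERISTICS.items()}


if __name__ == "__main__":
    model, results = demo(IoCap.DISPLAY_YES_NO, peer_mitm=True)
    print("pairing method:", model)
    for name, code in results.items():
        print("%-16s -> 0x%02x" % (name, code))
```

Even though the headless device sets the MITM flag, its lack of I/O forces Just Works, so the link ends up unauthenticated and the firmware-update characteristic is correctly refused with 0x05 while the two lower-sensitivity features remain reachable. A server that only checks "is the link encrypted" would have let the update through.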