Microchip logo
  • All
  • Products
  • Documents
  • Applications Notes

SweynTooth Bluetooth® Low Energy (BLE) Vulnerability

Microchip is aware of a Bluetooth Low Energy (BLE) security vulnerability named SweynTooth, originally published by the Singapore University of Technology and Design. The white paper detailing this vulnerability is available at the following link: https://asset-group.github.io/disclosures/sweyntooth/

Microchip takes security issues seriously and is currently working to understand the issue and provide solutions for our clients. We have determined that this vulnerability affects some of our BLE products. This page will provide the latest insight and will be updated regularly. 

SweynTooth Affected Products

The table below lists Microchip products affected by SweynTooth and a proposed resolution.  

The affected BLE devices may become unresponsive and may require a reset from the host microcontroller when attacked.

One of the most serious of the ten published vulnerabilities is  CVE-2019-19194 (6.10). This vulnerability enables an attacker in range of the radio transmission to bypass the “Secure Connections” pairing mode.   No Microchip devices are affected by the CVE-2019-19194 (6.10).

Device Source Vulnerabilities Affected Resolution
ATSAMB11 White Paper CVE-2019-19195 (6.8) Pending
WINC3400 Self Disclosure CVE-2019-19195 (6.8) Firmware patch in development
WILC3000 (RTOS) Self Disclosure Investigating Will advise if fix is required
WILC3000 (Linux) N/A
NoneNot affected
RN4020 Self Disclosure Investigating Will advise if fix is required
IS1870
IS1871
Self Disclosure CVE-2019-17519 (6.1)
CVE-2019-17518 (6.4)
CVE-2019-19193 (6.5)
Firmware patch in development
BM70
BM71
Self Disclosure CVE-2019-17519 (6.1)
CVE-2019-17518 (6.4)
CVE-2019-19193 (6.5)
Pending
RN4870
RN4871
Self Disclosure CVE-2019-17519 (6.1)
CVE-2019-17518 (6.4)
CVE-2019-19193 (6.5)
Firmware patch in development
BTLC1000 Self Disclosure CVE-2019-19195 (6.8) Pending
IS1677
IS1678
Self Disclosure CVE-2019-17519 (6.1)
CVE-2019-17518 (6.4)
CVE-2019-19193 (6.5)
Firmware patch in development
BM77Self Disclosure CVE-2019-17519 (6.1)
CVE-2019-17518 (6.4)
CVE-2019-19193 (6.5)
Pending
BM78 Self Disclosure CVE-2019-17519 (6.1)
CVE-2019-17518 (6.4)
CVE-2019-19193 (6.5)
Pending
RN4677
RN4678
Self Disclosure CVE-2019-17519 (6.1)
CVE-2019-17518 (6.4)
CVE-2019-19193 (6.5)
Pending
IS2062
IS2063
IS2064
IS2066
Self Disclosure CVE-2019-17519 (6.1)
CVE-2019-17518 (6.4)
CVE-2019-19193 (6.5)
Pending
BM62
BM63

BM64
Self Disclosure CVE-2019-17519 (6.1)
CVE-2019-17518 (6.4)
CVE-2019-19193 (6.5)
Pending
IS2083 Self Disclosure CVE-2019-17519 (6.1)
CVE-2019-17518 (6.4)
CVE-2019-19193 (6.5)
Firmware patch in development
BM83 Self Disclosure CVE-2019-17519 (6.1)
CVE-2019-17518 (6.4)
CVE-2019-19193 (6.5)
Firmware patch in development