×
Wireless Connectivity
-
Wireless Connectivity
- Embedded Wi-Fi
- Low Power Wide Area Networks
- Bluetooth
- Embedded Wireless
- Applications
- Design Partners
- 3rd Party Module Partners
- RED Frequently Asked Questions
- Over-the-Air Updates
- Zigbee® Solutions
- Software Vulnerability Response
Software Vulnerability Response
Protecting You and Your Design
From time to time vulnerabilities that need immediate attention are discovered in communication protocols like TCP/IP, Bluetooth®, Wi-Fi® and other software implementations. Because these threats to your system are a primary concern for us, we keep a watch on these discoveries and provide fixes when necessary. We prioritize firmware updates to ensure threats are eliminated quickly, allowing you to keep your designs connected and protected.
Listed below are our responses to protocol and software implementation vulnerabilities that have been announced in the past. Click on a link to learn more about our response to the specific vulnerability.
| Name | Technology | Description |
|---|---|---|
| KRACK | Wi-Fi | WPA2 (Wi-Fi Protected Access II) protocol, which is a widely used Wi-Fi security mechanism, is vulnerable to a Key Reinstallation attack (KRACK). This vulnerability is in the standard definition and not in a specific implementation. |
| Kr00k | Wi-Fi | Microchip is not affected by this Wi-Fi encryption vulnerability. |
| BlueBorne Attack Vector | Bluetooth | BlueBorne is an attack vector that exploits security gaps in Bluetooth Classic connections and can be used to execute malicious code on affected devices. |
| Key Negotiation of Bluetooth (KNOB) | Bluetooth | Key Negotiation of Bluetooth or KNOB affects Bluetooth Classic devices (devices using BR/ EDR connections). It is vulnerable to an attacker reducing the negotiated encryption key length to a single octet, allowing a brute force attack to decrypt the data and inject data into a Bluetooth connection. |
| Sweyntooth | Bluetooth | This is a Bluetooth Low Energy (BLE) security vulnerability. A white paper detailing this vulnerability is available. |
| Bluetooth Impersonation Attacks (BIAS) | Bluetooth | This is a vulnerability found in the Bluetooth Core Specification that impacts Secure Connections in Bluetooth. LE Secure Connections, as part of the Bluetooth Low Energy Specification, is not affected. |
| Amnesia Network Stack (TCP/IP) Vulnerability | TCP/IP | This is a set of vulnerabilities in TCP/IP software. A whitepaper with more information about this vulnerability is available. |