SweynTooth Bluetooth® Low Energy (BLE) Vulnerability
Microchip is aware of a Bluetooth Low Energy (BLE) security vulnerability named SweynTooth, originally published by the Singapore University of Technology and Design. The white paper detailing this vulnerability is available at the following link: https://asset-group.github.io/disclosures/sweyntooth/
Microchip takes security issues seriously and is currently working to understand the issue and provide solutions for our clients. We have determined that this vulnerability affects some of our BLE products. This page will provide the latest insight and will be updated regularly.
SweynTooth Affected Products
The table below lists Microchip products affected by SweynTooth and a proposed resolution.
The affected BLE devices may become unresponsive and may require a reset from the host microcontroller when attacked.
One of the most serious of the ten published vulnerabilities is CVE-2019-19194 (6.10). This vulnerability enables an attacker in range of the radio transmission to bypass the “Secure Connections” pairing mode. No Microchip devices are affected by CVE-2019-19194 (6.10).
Device | Source | Vulnerabilities Affected | Resolution |
---|---|---|---|
ATSAMB11 | White Paper | CVE-2019-19195 (6.8) | Pending |
WINC3400 | Self Disclosure | CVE-2019-19195 (6.8) | Firmware patch in development |
WILC3000 (RTOS) | Self Disclosure | Investigating | Will advise if fix is required |
WILC3000 (Linux) | N/A | None | Not affected |
RN4020 | Self Disclosure | Investigating | Will advise if fix is required |
IS1870 IS1871 | Self Disclosure | CVE-2019-17519 (6.1) CVE-2019-17518 (6.4) CVE-2019-19193 (6.5) | Firmware patch in development |
BM70 BM71 | Self Disclosure | CVE-2019-17519 (6.1) CVE-2019-17518 (6.4) CVE-2019-19193 (6.5) | Pending |
RN4870 RN4871 | Self Disclosure | CVE-2019-17519 (6.1) CVE-2019-17518 (6.4) CVE-2019-19193 (6.5) | Firmware patch in development |
BTLC1000 | Self Disclosure | CVE-2019-19195 (6.8) | Pending |
IS1677 IS1678 | Self Disclosure | CVE-2019-17519 (6.1) CVE-2019-17518 (6.4) CVE-2019-19193 (6.5) | Firmware patch in development |
BM77 | Self Disclosure | CVE-2019-17519 (6.1) CVE-2019-17518 (6.4) CVE-2019-19193 (6.5) | Pending |
BM78 | Self Disclosure | CVE-2019-17519 (6.1) CVE-2019-17518 (6.4) CVE-2019-19193 (6.5) | Pending |
RN4677 RN4678 | Self Disclosure | CVE-2019-17519 (6.1) CVE-2019-17518 (6.4) CVE-2019-19193 (6.5) | Pending |
IS2062 IS2063 IS2064 IS2066 | Self Disclosure | CVE-2019-17519 (6.1) CVE-2019-17518 (6.4) CVE-2019-19193 (6.5) | Pending |
BM62 BM63 BM64 | Self Disclosure | CVE-2019-17519 (6.1) CVE-2019-17518 (6.4) CVE-2019-19193 (6.5) | Pending |
IS2083 | Self Disclosure | CVE-2019-17519 (6.1) CVE-2019-17518 (6.4) CVE-2019-19193 (6.5) | Firmware patch in development |
BM83 | Self Disclosure | CVE-2019-17519 (6.1) CVE-2019-17518 (6.4) CVE-2019-19193 (6.5) | Firmware patch in development |