We detect you are using an unsupported browser. For the best experience, please visit the site using Chrome, Firefox, Safari, or Edge. X
Maximize Your Experience: Reap the Personalized Advantages by Completing Your Profile to Its Fullest! Update Here
Stay in the loop with the latest from Microchip! Update your profile while you are at it. Update Here
Complete your profile to access more resources.Update Here!

Bluetooth® Impersonation Attacks (BIAS)

Microchip is aware of a Bluetooth security vulnerability named BIAS. This is a vulnerability found in the Bluetooth Core Specification that impacts Secure Connections in Bluetooth Classic. Bluetooth Low Energy (LE) Secure Connections as part of the Bluetooth LE specification is not affected.

We have determined that this vulnerability affects some Microchip products. We take all security issues very seriously and we are currently working on firmware updates to resolve this vulnerability.

Potential Impact of BIAS Vulnerability

The vulnerability has the potential to attack paired Bluetooth devices using mutual authentication as part of Secure Connections. In a successful attack, the attacker can impersonate one side of a paired connection. If one side is patched to address this vulnerability, then the pairing will be secure.

Product Status and Resolution

The table below lists Microchip products affected by the BIAS vulnerability and information about a proposed resolution. This page will be updated on a regular basis as we make progress on resolving this vulnerability.

Device Family Will It Be Fixed? How Fix Will Be Delivered Additional Information
BM78 Yes New firmware and module Firmware: May/June 2020
Module: August 2020
RN4678 Yes New firmware and module Firmware: June/July2020
Module: September 2020
BM20 Yes New patch code TBD
BM23 No N/A Mature product, not recommended for new designs, consider BM83
BM62 Yes New firmware TBD
BM63 No N/A Mature product, not recommended for new designs, consider BM83
BM64 Yes New firmware and module TBD
BM83 Yes New firmware and module TBD
RN41 No N/A Mature product, not recommended for new designs, consider RN4678
RN42 No N/A Mature product, not recommended for new designs, consider RN4678
BM90 No N/A Mature product, not recommended for new designs, consider BM83
RN52 No N/A Mature product, not recommended for new designs, consider BM83
BM77 No N/A Mature product, not recommended for new designs, consider RN4678
RN4677 No N/A Mature product, not recommended for new designs, consider RN4678