We detect you are using an unsupported browser. For the best experience, please visit the site using Chrome, Firefox, Safari, or Edge. X
Maximize Your Experience: Reap the Personalized Advantages by Completing Your Profile to Its Fullest! Update Here
Stay in the loop with the latest from Microchip! Update your profile while you are at it. Update Here
Complete your profile to access more resources.Update Here!

SweynTooth Bluetooth® Low Energy (LE) Vulnerability

Microchip is aware of a Bluetooth LE security vulnerability named SweynTooth, originally published by the Singapore University of Technology and Design. The white paper detailing this vulnerability is available at the following link: https://asset-group.github.io/disclosures/sweyntooth/ Vulnerability Paper

Microchip takes security issues seriously and is currently working to understand the issue and provide solutions for our clients. We have determined that this vulnerability affects some of our Bluetooth LE products. This page will provide the latest insight and will be updated regularly. 

Affected Products and Resolution

The table below lists Microchip products affected by SweynTooth and a proposed resolution. The affected Blueooth LE devices may become unresponsive and may require a reset from the host microcontroller when attacked.

CVE-2019-19194 (6.10) is one of the most serious of the  published vulnerabilities. It enables an attacker in range of the radio transmission to bypass the “Secure Connections” pairing mode. No Microchip devices are affected by the CVE-2019-19194 (6.10).

Device Source Vulnerabilities Affected Resolution
ATSAMB11 White Paper CVE-2019-19195 (6.8) No update planned
WINC3400 Self Disclosure CVE-2019-19195 (6.8) Firmware patch in development
WILC3000 (RTOS) Self Disclosure Investigating Will advise if fix is required
WILC3000 (Linux) N/A
 None Not affected
RN4020 Self Disclosure No update planned
 No update planned
IS1870
IS1871		 Self Disclosure CVE-2019-17519 (6.1)
CVE-2019-17518 (6.4)
CVE-2019-19193 (6.5)		 Fixed in update to firmware
BM70
BM71		 Self Disclosure CVE-2019-17519 (6.1)
CVE-2019-17518 (6.4)
CVE-2019-19193 (6.5)		 Fixed in update to firmware
RN4870
RN4871		 Self Disclosure CVE-2019-17519 (6.1)
CVE-2019-17518 (6.4)
CVE-2019-19193 (6.5)		 Fixed in update to firmware
BTLC1000 Self Disclosure CVE-2019-19195 (6.8) No update planned
IS1677
IS1678		 Self Disclosure CVE-2019-17519 (6.1)
CVE-2019-17518 (6.4)
CVE-2019-19193 (6.5)		 IS1678 fixed in firmware updated
BM77
BM78		 Self Disclosure CVE-2019-17519 (6.1)
CVE-2019-17518 (6.4)
CVE-2019-19193 (6.5)		 BM78 fixed in update to firmware
RN4677
RN4678		 Self Disclosure CVE-2019-17519 (6.1)
CVE-2019-17518 (6.4)
CVE-2019-19193 (6.5)		 RN4678 fixed in update to firmware
IS2062
IS2063
IS2064
IS2066		 Self Disclosure CVE-2019-17519 (6.1)
CVE-2019-17518 (6.4)
CVE-2019-19193 (6.5)		 Fixed in update to firmware
BM62
BM63
BM64		 Self Disclosure CVE-2019-17519 (6.1)
CVE-2019-17518 (6.4)
CVE-2019-19193 (6.5)		 Fixed in update to firmware
IS2083 Self Disclosure CVE-2019-17519 (6.1)
CVE-2019-17518 (6.4)
CVE-2019-19193 (6.5)		 Fixed in update to firmware
BM83 Self Disclosure CVE-2019-17519 (6.1)
CVE-2019-17518 (6.4)
CVE-2019-19193 (6.5)		 Fixed in update to firmware