Bluetooth security vulnerability status

Bluetooth security vulnerability status

Researchers at the Israel Institute of Technology identified a security vulnerability in two related Bluetooth® features:
Bluetooth BR/EDR: Secure Simple Pairing and Bluetooth LE: Secure Connections

Here you can find the offical statement from the Bluetooth SIG.

The Wireless Competence Center of Rutronik is in contact with all Bluetooth vendors of our linecard and we try to keep the status of the available firmware updated:

Nordic Semiconductor all SoC variants are not affected since SDK-Version 15. learn more
InsightSiP, Fujitsu, Murata, Garmin are module variants, which can be flashed with Nordic Semiconductor SDK 15.0.0
Toshiba TC35678-002 not affected since SDK-Version 4.1.0 (can be downloaded from the Toshiba Bluetooth Developer Zone)
Toshiba TC35679-002 not affected since SDK-Version 4.1.0 (can be downloaded from the Toshiba Bluetooth Developer Zone)
Toshiba TC3567C-002 not affected since SDK-Version 4.1.0 (can be downloaded from the Toshiba Bluetooth Developer Zone)
Toshiba TC3567D-002 not affected since SDK-Version 4.1.0 (can be downloaded from the Toshiba Bluetooth Developer Zone)
Toshiba TC35680-002 not affected since SDK-Version 4.1.0 (can be downloaded from the Toshiba Bluetooth Developer Zone)
Toshiba TC35681-002 not affected since SDK-Version 4.1.0 (can be downloaded from the Toshiba Bluetooth Developer Zone)
Toshiba TC35661-009 affected, patch availability under investigation
Toshiba TC35661-551 affected, patch availability under investigation
ST Microelectronics BlueNRG-MS and associated module SPBTLE-RF are not impacted as they do not support Secure Connections
ST Microelectronics BlueNGR-1 (and associated module SPBTLE-1S) and BlueNRG-2, ST is still investigating the impact of this vulnerability, and is at 3rd August not in a position to announce by when they can deliver a new firmware release including the appropriate fix.
Intel please check this overview of impacted products. Updated Drivers can be downloaded here.
Renesas RL78/G1D is not impacted, because it does not support Secure Connections.
Telit BlueMod+S is not impacted, because it does not support Secure Connections.
Telit BlueMod+S42/Central bug is fixed since v3.12.0002.
Telit BlueMod+S42/LUA bug is fixed since v4.13.0003.
Telit BlueMod+S42/ADC bug is fixed since v4.4.0001.
Telit BlueMod+S50 bug is fixed since v5.2.0003.
Telit BlueMod+SR is not impacted, because it does not support Secure Connections.
Telit BlueMod+S42M bug is fixed since v1.2.1.
Telit RE866A1 is affected, fix will be in latest Firmware release which is planned for 2nd week of November 2018 (status from 23. October).
Panasonic PAN1026 under study (status from 23.Aug)
Panasonic PAN1760 not affected
Panasonic PAN1761 not affected
Panasonic PAN1026A SW patch under study (status from 23.Aug)
Panasonic PAN1760A SW patch available Sept18
Panasonic PAN1762 SW patch available Sept18
Panasonic PAN1740 not affected
Panasonic PAN4620 fixed
Panasonic PAN1325B under Investigation (status from 23.Aug)
Panasonic PAN1326B under investigation (status from 23.Aug)
Panasonic PAN1326C under Investigation (status from 23.Aug)

If you have further questions regarding the Bluetooth Security topic, please send a mail to our specialists: wireless@rutronik.com

Learn how you can make your application more secure in our Security Aspects competence book.