Introduction
The Bluetooth SIG has issued a statement regarding Bluetooth security vulnerabilities outlined in the research paper from the École Polytechnique Fédérale de Lausanne and captured in CVE-2020-10135. The following summarizes the SIG recommendations in the statement, and Cypress’ response:
SIG Recommendation | Cypress Response |
Use the Secure-Connections-Only mode | All Cypress-provided Bluetooth firmware supports Secure-Connections-Only mode |
Use a software stack that addresses CVE-2019-9506 | Cypress software has resolved CVE-2019-9506 (see below for firmware versions) |
Do not use the authentication-complete HCI event (or equivalent) in a host or application to effect any change in security role or access level by a remote authenticated device | Cypress-provided Bluetooth firmware does not use the authentication-complete HCI event to effect security role or access level changes |
In addition, Cypress’ Bluetooth firmware provides the following:
For further questions, our customers can create a support case through our secure support portal or by contacting their Cypress representative.
If you believe you have identified a vulnerability in any Cypress product, please visit our security response page and email the Product Security Incident Response Team (PSIRT) at psirt@cypress.com.
The firmware versions below, and all subsequent versions, resolve CVE-2019-9506:
Part Number | Firmware | ModusToolBox BT SDK |
CYW20706A1 | BCM20703A1_001.001.005.0405.0000 | *N/A |
CYW20719B1 | | *N/A |
CYW20721B1 | *N/A | |
CYW20719B2 | CYW20719B2_002.003.026.0112 | BT SDK 2.5 |
CYW20721B2 | CYW20721B2_002.003.026.0115 | BT SDK 2.5 |
CYW20819A1 | CYW20819A1_001.002.012.0131 | BT SDK 2.5 |
CYW20820A1 | CYW20819A1_001.002.012.0131 | BT SDK 2.5 |
CYW89820 | CYW20819A1_001.002.012.0131 | BT SDK 2.5 |
CYW20706A2 | BCM20703A2_001.002.011.0330 | BT SDK 2.5 |
CYW20735B1 | CYW20735B1_002.002.008.0086 | BT SDK 2.5 |
CYW20702A1 | BCM20702A1_001.002.014.1524.0000 | *N/A |
CYW43012C0 | CYW43012C0_003.001.015.0168 | BT SDK 2.5 |
CYW4339 | BCM4335C0_003.001.009.0171.0000 | *N/A |
CYW4349B1 | BCM4349B1_002.002.014.0142.0000 | *N/A |
CYW4359D0 | CYW4359D0_004.001.016.0150.0000 | *N/A |
CYW43455C0 | BCM4345C0_003.001.025.0162.0000 | *N/A |
CYW4343W/CYW43438 | BCM4343A1_001.002.009.0118.0000 | *N/A |
CYW4354A2 | CYW4354A2_001.003.015.0109.0000 | *N/A |
CYW4373A0 | CYW4373A0_001.001.025.0064.0000 | *N/A |
*Delivered upon request. Please contact your local Cypress FAE.