Tip / Sign in to post questions, reply, level up, and achieve exciting badges. Know more

cross mob

Security Bulletin: Public Statement on Bluetooth SIG Member Statement on Bluetooth Impersonation Attack (“BIAS”) Inquiries CVE-2020-10135

Security Bulletin: Public Statement on Bluetooth SIG Member Statement on Bluetooth Impersonation Attack (“BIAS”) Inquiries CVE-2020-10135

MichaelF_56
Moderator
Moderator
Moderator
250 sign-ins 25 comments on blog 10 comments on blog

Introduction

The Bluetooth SIG has issued a statement regarding Bluetooth security vulnerabilities outlined in the research paper from the École Polytechnique Fédérale de Lausanne and captured in CVE-2020-10135. The following summarizes the SIG recommendations in the statement, and Cypress’ response:

 

SIG Recommendation

Cypress Response

Use the Secure-Connections-Only mode

All Cypress-provided Bluetooth firmware supports Secure-Connections-Only mode

Use a software stack that addresses CVE-2019-9506

Cypress software has resolved CVE-2019-9506 (see below for firmware versions)

Do not use the authentication-complete HCI event (or equivalent) in a host or application to affect any change in security role or access level by a remote authenticated device

Cypress-provided Bluetooth firmware does not use the authentication-complete HCI event to affect security role or access level changes

 

In addition, Cypress’ Bluetooth firmware provides the following:

  • Requests for role change during secure authentication will result in authentication failure
  • Because initial privacy settings are stored in device NVRAM, any subsequent attempt to change security levels are rejected

 

For further questions, our customers can create a support case through our secure support portal or by contacting their Cypress representative.

 

If you believe you have identified a vulnerability in any Cypress product, please visit our security response page and email the Product Security Incident Response Team (PSIRT) at psirt@cypress.com.

 

The below and subsequent firmware versions resolve CVE-2019-9506:

 

Part Number

Firmware

ModusToolBox BT SDK

CYW20706A1

BCM20703A1_001.001.005.0405.0000

*N/A

CYW20719B1

 

*N/A

CYW20721B1   *N/A

CYW20719B2

CYW20719B2_002.003.026.0112

BT SDK 2.5

CYW20721B2 CYW20721B2_002.003.026.0115 BT SDK 2.5

CYW20819A1

CYW20819A1_001.002.012.0131

BT SDK 2.5

CYW20820A1

CYW20819A1_001.002.012.0131

BT SDK 2.5

CYW89820

CYW20819A1_001.002.012.0131

BT SDK 2.5

CYW20706A2

BCM20703A2_001.002.011.0330

BT SDK 2.5

CYW20735B1 

CYW20735B1_002.002.008.0086

BT SDK 2.5

CYW20702A1 

BCM20702A1_001.002.014.1524.0000

*N/A

CYW43012C0

CYW43012C0_003.001.015.0168

BT SDK 2.5

CYW4339

BCM4335C0_003.001.009.0171.0000

*N/A

CYW4349B1

BCM4349B1_002.002.014.0142.0000

*N/A

CYW4359D0

CYW4359D0_004.001.016.0150.0000

*N/A

CYW43455C0

BCM4345C0_003.001.025.0162.0000

*N/A

CYW4343W/CYW43438

BCM4343A1_001.002.009.0118.0000

*N/A

CYW4354A2

CYW4354A2_001.003.015.0109.0000

*N/A

CYW4373A0

CYW4373A0_001.001.025.0064.0000

*N/A

 

*Delivered upon request. Please contact your local Cypress FAE.

1406 Views
2 Comments
Authors