cancel
Showing results for 
Search instead for 
Did you mean: 

Security Bulletin

MichaelF_56
Moderator
Moderator

Security Bulletin: Public Statement on Bluetooth SIG Member Statement on Bluetooth Impersonation Attack (“BIAS”) Inquiries CVE-2020-10135

Introduction

The Bluetooth SIG has issued a statement regarding Bluetooth security vulnerabilities outlined in the research paper from the École Polytechnique Fédérale de Lausanne and captured in CVE-2020-10135. The following summarizes the SIG recommendations in the statement, and Cypress’ response:

SIG Recommendation

Cypress Response

Use the Secure-Connections-Only mode

All Cypress-provided Bluetooth firmware supports Secure-Connections-Only mode

Use a software stack that addresses CVE-2019-9506

Cypress software has resolved CVE-2019-9506 (see below for firmware versions)

Do not use the authentication-complete HCI event (or equivalent) in a host or application to affect any change in security role or access level by a remote authenticated device

Cypress-provided Bluetooth firmware does not use the authentication-complete HCI event to affect security role or access level changes

In addition, Cypress’ Bluetooth firmware provides the following:

  • Requests for role change during secure authentication will result in authentication failure
  • Because initial privacy settings are stored in device NVRAM, any subsequent attempt to change security levels are rejected

For further questions, our customers can create a support case through our secure support portal or by contacting their Cypress representative.

If you believe you have identified a vulnerability in any Cypress product, please visit our security response page and email the Product Security Incident Response Team (PSIRT) at psirt@cypress.com.

The below and subsequent firmware versions resolve CVE-2019-9506:

Part Number

Firmware

ModusToolBox BT SDK

CYW20706A1

BCM20703A1_001.001.005.0405.0000

*N/A

CYW20719B1

*N/A

CYW20721B1*N/A

CYW20719B2

CYW20719B2_002.003.026.0112

BT SDK 2.5

CYW20721B2CYW20721B2_002.003.026.0115BT SDK 2.5

CYW20819A1

CYW20819A1_001.002.012.0131

BT SDK 2.5

CYW20820A1

CYW20819A1_001.002.012.0131

BT SDK 2.5

CYW89820

CYW20819A1_001.002.012.0131

BT SDK 2.5

CYW20706A2

BCM20703A2_001.002.011.0330

BT SDK 2.5

CYW20735B1 

CYW20735B1_002.002.008.0086

BT SDK 2.5

CYW20702A1 

BCM20702A1_001.002.014.1524.0000

*N/A

CYW43012C0

CYW43012C0_003.001.015.0168

BT SDK 2.5

CYW4339

BCM4335C0_003.001.009.0171.0000

*N/A

CYW4349B1

BCM4349B1_002.002.014.0142.0000

*N/A

CYW4359D0

CYW4359D0_004.001.016.0150.0000

*N/A

CYW43455C0

BCM4345C0_003.001.025.0162.0000

*N/A

CYW4343W/CYW43438

BCM4343A1_001.002.009.0118.0000

*N/A

CYW4354A2

CYW4354A2_001.003.015.0109.0000

*N/A

CYW4373A0

CYW4373A0_001.001.025.0064.0000

*N/A

*Delivered upon request. Please contact your local Cypress FAE.

1 Comment
pilot8
New Contributor

Hi,

We use Laird BT860-SA, which is based on Cypress CYW20704A2 chip. Should we upgrade the firmware for this fix? I couldn't find the firmware upgrade for CYW20704A2. Is there a firmware available? How to upgrade the firmware? We have HCI/UART in embedded Ubuntu 18.04.

Thanks!

0 Likes