Security Bulletin

MichaelF_56
Moderator

Security Bulletin: Public Statement on Bluetooth SIG Member Statement on Bluetooth Impersonation Attack (“BIAS”) Inquiries CVE-2020-10135

Introduction

The Bluetooth SIG has issued a statement regarding Bluetooth security vulnerabilities outlined in the research paper from the École Polytechnique Fédérale de Lausanne and captured in CVE-2020-10135. The following summarizes the SIG recommendations in the statement, and Cypress’ response:

| SIG Recommendation | Cypress Response |
|---|---|
| Use the Secure-Connections-Only mode | All Cypress-provided Bluetooth firmware supports Secure-Connections-Only mode |
| Use a software stack that addresses CVE-2019-9506 | Cypress software has resolved CVE-2019-9506 (see below for firmware versions) |
| Do not use the authentication-complete HCI event (or equivalent) in a host or application to affect any change in security role or access level by a remote authenticated device | Cypress-provided Bluetooth firmware does not use the authentication-complete HCI event to affect security role or access level changes |

In addition, Cypress’ Bluetooth firmware provides the following:

  • Requests for role change during secure authentication result in authentication failure
  • Because initial privacy settings are stored in device NVRAM, any subsequent attempt to change security levels is rejected

For further questions, our customers can create a support case through our secure support portal or by contacting their Cypress representative.

If you believe you have identified a vulnerability in any Cypress product, please visit our security response page and email the Product Security Incident Response Team (PSIRT) at psirt@cypress.com.

The below and subsequent firmware versions resolve CVE-2019-9506:

| Part Number | Firmware | ModusToolBox BT SDK |
|---|---|---|
| CYW20706A1 | BCM20703A1_001.001.005.0405.0000 | *N/A |
| CYW20719B1 | *N/A | |
| CYW20721B1 | *N/A | |
| CYW20719B2 | CYW20719B2_002.003.026.0112 | BT SDK 2.5 |
| CYW20721B2 | CYW20721B2_002.003.026.0115 | BT SDK 2.5 |
| CYW20819A1 | CYW20819A1_001.002.012.0131 | BT SDK 2.5 |
| CYW20820A1 | CYW20819A1_001.002.012.0131 | BT SDK 2.5 |
| CYW89820 | CYW20819A1_001.002.012.0131 | BT SDK 2.5 |
| CYW20706A2 | BCM20703A2_001.002.011.0330 | BT SDK 2.5 |
| CYW20735B1 | CYW20735B1_002.002.008.0086 | BT SDK 2.5 |
| CYW20702A1 | BCM20702A1_001.002.014.1524.0000 | *N/A |
| CYW43012C0 | CYW43012C0_003.001.015.0168 | BT SDK 2.5 |
| CYW4339 | BCM4335C0_003.001.009.0171.0000 | *N/A |
| CYW4349B1 | BCM4349B1_002.002.014.0142.0000 | *N/A |
| CYW4359D0 | CYW4359D0_004.001.016.0150.0000 | *N/A |
| CYW43455C0 | BCM4345C0_003.001.025.0162.0000 | *N/A |
| CYW4343W/CYW43438 | BCM4343A1_001.002.009.0118.0000 | *N/A |
| CYW4354A2 | CYW4354A2_001.003.015.0109.0000 | *N/A |
| CYW4373A0 | CYW4373A0_001.001.025.0064.0000 | *N/A |

*Delivered upon request. Please contact your local Cypress FAE.
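The table above lists the minimum firmware per part, and "subsequent" versions also carry the fix. As an added example (not Cypress tooling), the script below parses the bulletin's version-string format (`<image prefix>_<dotted build number>`) and reports whether a device's reported firmware meets that baseline for its part number. It assumes "subsequent" means a numerically higher build number under the same image prefix, and that builds with fewer dotted fields compare as if padded with zeros; parts marked *N/A are reported as unknown.

```python
import re
from typing import Tuple

# Baselines transcribed from the bulletin table above. Parts listed there
# with *N/A firmware are deliberately absent: no public fixed version exists.
FIXED_BASELINE = {
    "CYW20706A1": "BCM20703A1_001.001.005.0405.0000",
    "CYW20719B2": "CYW20719B2_002.003.026.0112",
    "CYW20721B2": "CYW20721B2_002.003.026.0115",
    "CYW20819A1": "CYW20819A1_001.002.012.0131",
    "CYW20820A1": "CYW20819A1_001.002.012.0131",
    "CYW89820":   "CYW20819A1_001.002.012.0131",
    "CYW20706A2": "BCM20703A2_001.002.011.0330",
    "CYW20735B1": "CYW20735B1_002.002.008.0086",
    "CYW20702A1": "BCM20702A1_001.002.014.1524.0000",
    "CYW43012C0": "CYW43012C0_003.001.015.0168",
    "CYW4339":    "BCM4335C0_003.001.009.0171.0000",
    "CYW4349B1":  "BCM4349B1_002.002.014.0142.0000",
    "CYW4359D0":  "CYW4359D0_004.001.016.0150.0000",
    "CYW43455C0": "BCM4345C0_003.001.025.0162.0000",
    "CYW4343W":   "BCM4343A1_001.002.009.0118.0000",
    "CYW43438":   "BCM4343A1_001.002.009.0118.0000",
    "CYW4354A2":  "CYW4354A2_001.003.015.0109.0000",
    "CYW4373A0":  "CYW4373A0_001.001.025.0064.0000",
}


def parse_version(version: str) -> Tuple[str, Tuple[int, ...]]:
    """Split 'CYW20719B2_002.003.026.0112' into ('CYW20719B2', (2, 3, 26, 112))."""
    m = re.fullmatch(r"([A-Z0-9]+)_(\d+(?:\.\d+)*)", version.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version string: {version!r}")
    return m.group(1), tuple(int(x) for x in m.group(2).split("."))


def _padded(a: Tuple[int, ...], b: Tuple[int, ...]):
    """Right-pad the shorter build tuple with zeros so 4- and 5-field builds compare."""
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)), b + (0,) * (n - len(b))


def check_firmware(part_number: str, reported_version: str) -> str:
    """Return 'fixed', 'vulnerable', 'mismatch' or 'unknown' for one device."""
    baseline = FIXED_BASELINE.get(part_number.upper())
    if baseline is None:
        return "unknown"      # *N/A in the table or not listed: ask Cypress
    want_prefix, want_build = parse_version(baseline)
    have_prefix, have_build = parse_version(reported_version)
    if have_prefix != want_prefix:
        return "mismatch"     # image prefix belongs to a different part/die
    have_build, want_build = _padded(have_build, want_build)
    return "fixed" if have_build >= want_build else "vulnerable"
```

A "mismatch" result is worth investigating before trusting the build number, since the table shows that the image prefix (e.g. BCM20703A1 for CYW20706A1) need not equal the part number.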

1 Comment
pilot8
New Contributor

Hi,

We use Laird BT860-SA, which is based on the Cypress CYW20704A2 chip. Should we upgrade the firmware for this fix? I couldn't find the firmware upgrade for CYW20704A2. Is there a firmware available? How do we upgrade the firmware? We have HCI/UART in embedded Ubuntu 18.04.

Thanks!
