Rutronik Offers an Overview For Closing Bluetooth Attack Vectors

08/10/2018 Know-How

In mid-July, the Bluetooth Special Interest Group published instructions for eliminating security vulnerabilities in the “Secure Simple Pairing” and “LE Secure Connections” processes. Rutronik now offers a manufacturer-independent overview at rutronik-tec.com/bluetooth-security-vulnerability-status/, which shows the patch status of the individual chip and module manufacturers. The site is kept up to date with the assistance of the franchise partners.

All Bluetooth specifications from V2.1+EDR to V5.0 are affected by the security vulnerability. It goes without saying that the individual device manufacturers are responsible for patching the wireless stacks in the end devices via FOTA (firmware update over the air) to ensure they are free of flaws. This feature is supported by all current Bluetooth components in the Rutronik portfolio.

As the undisputed market leader (approx. 45 percent market share) and a member of BSIG, Nordic already offers faultless stacks and Toshiba and ST are already working on patches. Therefore, the device manufacturers are required to forward the available updates to their devices as quickly as possible so that the attack gap will not actually be exploited soon.

Erratum 10734: <link www.bluetooth.org/docman/handlers/downloaddoc.ashx _blank external-link-new-window "open internal link">https://www.bluetooth.org/docman/handlers/downloaddoc.ashx?doc_id=447440&_ga=2.253269836.453099069.1533649306-1605826663.1532498694</link>