We detect you are using an unsupported browser. For the best experience, please visit the site using Chrome, Firefox, Safari, or Edge. X

The Agence Nationale de la Sécurité des Systèmes d'Information (ANSSI) has disclosed reports for three vulnerabilities related to the Bluetooth® Core Specification to the Bluetooth SIG. Here is a short summary of these vulnerabilities:

Impersonation in the Passkey Entry Protocol: (CVE-2020-26558) (VU#799380.8 TLP:AMBER)

The Passkey Entry protocol used in Secure Simple Pairing (SSP), Secure Connections (SC) and LE Secure Connections (LESC) of the Bluetooth Core Specification is vulnerable to an impersonation attack where an active attacker can impersonate the initiating device without any previous knowledge of the passkey.

Impacted Specifications:

  • BR/EDR Bluetooth Core Specification 2.1 through 5.2
  • BR/EDR Secure Simple Pairing in Bluetooth Core Specifications 2.1 through 5.2
  • BR/EDR Secure Connections Pairing in Bluetooth Core Specifications 4.1 through 5.2
  • LE Bluetooth Core Specification 4.2 through 5.2
  • LE Secure Connections Pairing in Bluetooth Core Specifications 4.2 through 5.2

Authentication of the LE Legacy Pairing Protocol: (VU#799380.5 TLP:AMBER)

The authentication property of the Bluetooth LE Legacy Pairing procedures is vulnerable to a reflection attack. A remote attacker without knowledge of the token key can complete the authentication protocol.

Impacted Specifications:

  • LE Bluetooth Core Specification 4.0+
  • LE Legacy Pairing authentication in Bluetooth Core Specification versions 4.0 through 5.2

Impersonation in the PIN Pairing Protocol: (CVE-2020-26555(VU#799380.7 TLP:AMBER)

The Bluetooth BR/EDR PIN Pairing procedure is vulnerable to an impersonation attack. When an attacker connects to a victim device using the address of the device and the victim initiates a Pairing, the attacker can reflect the encrypted nonce even without knowledge of the key.

Impacted Specifications:

  • Bluetooth Specific 1.0+
  • BR/EDR pin-code pairing in Bluetooth Core Specification versions 1.0B through 5.2

We take security issues seriously, and we are currently working to mitigate the issues and provide solutions for our clients. We have determined that this vulnerability affects some of our networking products. This page will provide the latest insight and may be updated from time to time.

Microchip Bluetooth/Bluetooth Low Energy Products Status


Family

Affected By This Vulnerability

Will It Be Fixed?

Expected Timeline for Fix

Bluetooth® Classic/Dual Mode

BM78, RN4678, IS1678

    VU#799380.8: Yes

    VU#799380.7: Yes

Flash parts only

VU#799380.8: Yes

    VU#799380.7: No; we suggest client disable PIN code function

    In plan

    In plan

RN41, RN42

    VU#799380.8: No

    VU#799380.7: Yes

    VU#799380.7: No; we suggest client disable PIN code function

 

Bluetooth Audio

BM83, IS2083

    VU#799380.8: Yes

    VU#799380.7: Yes

    VU#799380.8: Yes

    VU#799380.7: No; PIN code pairing is disabled

    2021 CQ4

BM64, BM62, IS2064, IS2062,  IS2066B

    VU#799380.8: No

    VU#799380.7: Yes

    VU#799380.7: No; we suggest client disable PIN code function

 

IS2008, IS2010, IS2013, IS2015, IS2020, IS2021, IS2022, IS2023, IS2025, BM23

    VU#799380.8: No

    VU#799380.7: Yes

    VU#799380.7: No; we suggest client disable PIN code function

 

Bluetooth Low Energy Only Devices

SAM B11, BTLC (BT v4.1)

    VU#799380.8: No

    VU#799380.7: No

 

 

BM70, RN4870 (BT v5.0)

    VU#799380.8: Yes

    VU#799380.7: No

    VU#799380.8: Yes

    In plan

    In plan

WILC3000 (BT v4.1)

    VU#799380.8: No

    VU#799380.7: No

 

 

WINC3400 (BT v4.1)

    VU#799380.8: No

    VU#799380.7: No

 

 

RN4020 (BT v4.0)

    VU#799380.8: No

    VU#799380.7: No