Last week, the Bluetooth SIG announced an update to the Bluetooth specification in response to a security vulnerability related to Secure Simple Pairing and LE Secure Connections.
According to the SIG, researchers at the Israel Institute of Technology identified that the specification recommends, but does not require, that a device supporting these features validate the public key received over-the-air when pairing with a new device. The Bluetooth SIG has now updated the Bluetooth specification to require the validation of such keys.
When Bluetooth devices pair at initial connection, they use mutual authentication to connect securely. The SIG has discovered the security vulnerability in the reference implementation of the public key validation during this mutual authentication (https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update).
This means that an adversary could perform a man-in-the-middle attack during the pairing process, even for authenticated pairing schemes like numeric comparison or passkey entry. This allows the adversary to listen to and/or modify all the communication on the paired connection.
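The validation that the updated specification now requires can be sketched as follows. This is an added example, not code from Silicon Labs, mbedTLS or the Bluetooth SIG; it assumes the NIST P-256 curve used by LE Secure Connections and takes the peer's coordinates as already-decoded integers (the function names are illustrative).

```python
# Standard NIST P-256 (secp256r1) domain parameters.
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
# Curve base point, used below only as a known-good sample key.
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5


def validate_p256_public_key(x: int, y: int) -> bool:
    """Return True only if (x, y) is a usable P-256 public key."""
    # Both coordinates must be canonical field elements in [0, P-1].
    if not (0 <= x < P and 0 <= y < P):
        return False
    # The point must satisfy y^2 = x^3 + a*x + b (mod p).
    # P-256 has cofactor 1, so any affine point on the curve lies in the
    # prime-order group; the point at infinity has no affine encoding.
    return (y * y - (x * x * x + A * x + B)) % P == 0


def accept_peer_key(x: int, y: int) -> tuple:
    """Pairing-side gate: refuse to run ECDH with an unvalidated key."""
    if not validate_p256_public_key(x, y):
        raise ValueError("peer public key is not on P-256; abort pairing")
    return (x, y)


if __name__ == "__main__":
    # Constructed sample inputs, not captured traffic.
    samples = {
        "base point": (GX, GY),
        "negated base point": (GX, P - GY),
        "y altered in transit": (GX, (GY + 1) % P),
        "x out of range": (GX + P, GY),
    }
    for name, (x, y) in samples.items():
        verdict = "accept" if validate_p256_public_key(x, y) else "reject"
        print(f"{name}: {verdict}")
```

A device that applies this check before computing the shared secret aborts pairing as soon as a received key has been altered off the curve.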
Our Wireless Gecko products (Blue Gecko and Mighty Gecko) are not affected by this issue because they leverage the mbedTLS ECDH implementation that does not have this vulnerability. The BLE112, BLE113, BLE121LR and BLED112 modules are also not affected because they do not implement the feature that contains the vulnerability. Our BT Classic products, which include the BT111 and WTxx modules, are not affected.
Our BT121 Bluetooth dual mode module is vulnerable to this issue. We expect to release a patch that protects against this vulnerability by 17th August 2018.
This week, we’ve introduced a Wireless Gecko software solution created to simplify industrial and commercial IoT applications using sub-GHz wireless connections by adding Bluetooth connectivity. The new hardware and software solution enables simultaneous sub-GHz and 2.4 GHz Bluetooth low energy connectivity for commercial and industrial IoT applications, such as smart metering, home and building automation, and commercial lighting.
This is important for the industrial and commercial sectors for several reasons. For one, it’ll make it much easier for people working in these environments to set up, control, and monitor sub-GHz IoT devices using Bluetooth low energy mobile apps.
Sub-GHz wireless protocols are used extensively in industrial and commercial settings because many of them require a combination of energy efficiency, long battery life, and extended range for remote sensor nodes. Proprietary sub-GHz protocols allow developers to optimize their wireless solution to their specific needs instead of conforming to a standard that might put additional constraints on network implementation. With our new software solution, sub-GHz protocols can still be utilized for their benefits, but users can also easily manage the system using Bluetooth mobile apps on a variety of devices, such as tablets or smart phones.
Sub-GHz environments are typically low-data-rate systems, ranging from simple point-to-point connections to large mesh networks and low-power wide area networks (LPWAN). By adding Bluetooth low energy connectivity to wireless networks in the sub-GHz band, developers can deliver new capabilities such as faster over-the-air (OTA) updates and deploy scalable, location-based service infrastructure with Bluetooth beacons.
Single Chip Reduces Cost by 40 Percent
IoT developers stand to gain tremendous development benefits by avoiding the complexity of two-chip wireless architectures. By using a single chip with both sub-GHz and BLE connectivity, developers can simplify hardware and software development, which can speed time-to-market and reduce bill-of-materials (BOM) cost and size by up to 40 percent.
Accenture estimates industrial IoT could add $14.2 trillion to the global economy by 2030, making the deployment potential of this solution especially massive. Any new technology development such as this one that helps developers control and monitor industrial and commercial devices and data more easily leads to efficiency and economic gains for both businesses and users.
Mobile control applications are often a crucial piece of industrial and commercial automation, giving system operators a quick and easy way to control equipment. For instance, commercial lighting depends heavily on mobile devices, which control lighting on/off schedules, energy efficient modes and rules, and dimming based on occupancy using ambient light sensors. Oftentimes, the mobile app may be the only control interface installers, designers and site managers have for project commissioning and configuration.
Bluetooth connectivity allows the device apps and interface to be simple, which can make a difference in user adoption, as many lighting and commercial controls can be complex and difficult to manage.
Our new solution will clearly yield impressive benefits for both developers and the users of the industrial applications. Fortunately, the new multiprotocol software is now available using Silicon Labs’ EFR32MG and EFR32BG Wireless Gecko SoCs. Check out more details here if you’re working on a product that could benefit from the solution.