Silicon Labs Silicon Labs Community
silabs.com
Language
  • 简体中文
  • 日本語
  • MCUs
    • 8-bit MCU
    • 32-bit MCU
  • Wireless
    • Bluetooth
    • Proprietary
    • Wi-Fi
    • Zigbee & Thread
    • Z-Wave
  • More Products
    • Interface
    • Isolation
    • Power
    • Sensors
    • Timing
  • Development Tools
    • Simplicity Studio
    • Third Party Tools
    • Thunderboard
  • Expert's Corner
    • Announcements
    • Blog
    • General Interest
    • Projects
  1. Community - Silicon Labs
  2. Blog

Official Blog of Silicon Labs

  • Show More
    Publish
    • Immediately
    • Draft
    • At scheduled date and time
     
      • Regarding the Fixed Coordinate Invalid Curve Attack and our Bluetooth Products

        Lars Lydersen | 07/212/2018 | 01:04 PM

        Last week, the Bluetooth SIG announced an update to the Bluetooth specification in response to a security vulnerability related to Secure Simple Pairing and LE Secure Connections.

        According to the SIG, researchers at the Israel Institute of Technology identified that the specification recommends, but does not require, that a device supporting these features validate the public key received over-the-air when pairing with a new device. The Bluetooth SIG has now updated the Bluetooth specification to require the validation of such keys.

        At initial connection, when pairing Bluetooth devices, the devices use mutual authentication to securely connect. The SIG has discovered the security vulnerability in the reference implementation of the public key validation during this mutual authentication (https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update).

        This means that an adversary could perform a man-in-the-middle attack during the pairing process, even for authenticated pairing schemes like numeric comparison or passkey entry. This allows the adversary to listen to and/or modify all the communication on the paired connection.

        Our Wireless Gecko products (Blue Gecko and Mighty Gecko) are not affected by this issue because they leverage the mbedTLS ECDH implementation that does not have this vulnerability. The BLE112, BLE113, BLE121LR and BLED112 modules are also not affected because they do not implement the feature that contains the vulnerability. Our BT Classic products, which include the BT111 and WTxx modules, are not affected.

        Our BT121 Bluetooth dual mode module is vulnerable to this issue. We expect to release a patch that protects against this vulnerability within 17th August 2018.

      Tags

      • Wireless
      • High Performance Jitter Attenuators
      • EFR32MG21 Series 2 SoCs
      • Blue Gecko Series 2
      • Zigbee SDK
      • ZigBee and Thread
      • Internet Infrastructure
      • Sensors
      • Blue Gecko Bluetooth Low Energy SoCs
      • Z-Wave
      • Micrium OS
      • Blog Posts
      • Low Jitter Clock Generators
      • Bluetooth Classic
      • Makers
      • Flex SDK
      • Tips and Tricks
      • Smart Homes
      • IoT Heroes
      • Reviews
      • RAIL
      • Simplicity Studio
      • Mighty Gecko SoCs
      • Timing
      • Blue Gecko Bluetooth Low Energy Modules
      • Clocks
      • Ultra Low Jitter Clock Generators
      • General Purpose Clock Generators
      • Industry 4.0
      • Giant Gecko
      • 32-bit MCUs
      • blue-gecko-xpress-modules
      • Bluetooth Low Energy
      • 32-bit MCU SDK
      • Gecko
      • Microcontrollers
      • News and Events
      • Industrial Automation
      • Wi-Fi
      • Bluetooth SDK
      • Community Spotlight
      • Biometric Sensors
      • General Purpose Jitter Attenuators
      • Giant Gecko S1
      • Flex Gecko
      • Internet of Things
      • 8-bit MCUs
      • Isolation
      • Powered Devices

      Top Authors

      • Avatar image Mark Mulrooney
      • Avatar image Siliconlabs
      • Avatar image Nari Shin
      • Avatar image lynchtron
      • Avatar image deirdrewalsh
      • Avatar image Lance Looper
      • Avatar image lethawicker

      Archives

      • 2014 December
      • 2015 January
      • 2015 February
      • 2015 March
      • 2015 April
      • 2015 May
      • 2015 June
      • 2015 July
      • 2015 August
      • 2015 September
      • 2015 October
      • 2015 November
      • 2015 December
      • 2016 January
      • 2016 February
      • 2016 March
      • 2016 April
      • 2016 May
      • 2016 June
      • 2016 July
      • 2016 August
      • 2016 September
      • 2016 October
      • 2016 November
      • 2016 December
      • 2017 January
      • 2017 February
      • 2017 March
      • 2017 April
      • 2017 May
      • 2017 June
      • 2017 July
      • 2017 August
      • 2017 September
      • 2017 October
      • 2017 November
      • 2017 December
      • 2018 January
      • 2018 February
      • 2018 March
      • 2018 April
      • 2018 May
      • 2018 June
      • 2018 July
      • 2018 August
      • 2018 September
      • 2018 October
      • 2018 November
      • 2018 December
      • 2019 January
      • 2019 February
      • 2019 March
      • 2019 April
      • 2019 May
      • 2019 June
      • 2019 July
      • 2019 August
      • 2019 September
      • 2019 October
      • 2019 November
      Silicon Labs
      • About Us
      • In the News
      • Email Newsletter
      • Cookies
      • Contact Us
      • Community
      • Site Feedback
      • Investor Relations
      • Blog
      • Privacy and Terms
      • Corporate Citizenship
      Copyright © Silicon Laboratories. All rights reserved.
      粤ICP备15107361号-1