Microchip is aware of a Bluetooth security vulnerability named BIAS. This is a vulnerability found in the Bluetooth Core Specification that impacts Secure Connections in Bluetooth. LE Secure Connections as part of the Bluetooth Low Energy specification is not affected.
We have determined that this vulnerability affects some Microchip products. We take all security issues very seriously and we are currently working on firmware updates to resolve this vulnerability.
The vulnerability has the potential to attack paired Bluetooth devices using mutual authentication as part of Secure Connections. In a successful attack, the attacker can impersonate one side of a paired connection. If one side is patched to address this vulnerability, then the pairing will be secure.
The table below lists Microchip products affected by the BIAS vulnerability and information about a proposed resolution. This page will be updated on a regular basis as we make progress on resolving this vulnerability.