Research conducted by Purdue University and Pennsylvania State University has uncovered five security vulnerabilities in the Bluetooth® Low Energy peripheral implementations of various devices, including Microchip Bluetooth products. The associated paper has been accepted for publication at the 44th IEEE® Symposium on Security and Privacy, 2023.
The following is a short summary of these vulnerabilities:
- Unresponsiveness with ConReqTimeoutZero, CVE-2022-46399: An attacker in radio range can exploit this issue to cause a surreptitious denial of service of Bluetooth. Although the attack is carried out over Bluetooth Low Energy, the affected smartphone turns off both Bluetooth Low Energy and Bluetooth Classic (BR/EDR) without notifying the user. To recover, the user must manually restart Bluetooth Low Energy and, in some cases, the smartphone as well.
- Bypassing passkey entry in legacy pairing, CVE-2022-46400: The impact of this deviation is catastrophic. With this passkey entry bypass, a man-in-the-middle (MITM) attack against the Bluetooth Low Energy implementation becomes possible. This is worse than an attack on the Just Works association method, because users may believe they have a high level of protection when in reality they are not protected.
- Accepts PauseEncReqPlainText before pairing is complete, CVE-2022-46401: The Bluetooth Low Energy implementation enters a faulty state, discards subsequent messages from the central and becomes unresponsive, resulting in a denial of service. Devices without this vulnerability ignore the message, do not change state, and complete the pairing and encryption procedures as expected.
- Accepts PairConfirmSend with wrong values, CVE-2022-46402: An attacker in radio range acting as a central can cause a denial of service on the device.
- Issue with reject messages, CVE-2022-46403: This can create a potential interoperability issue between different devices.
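The correct behaviour the advisory describes for CVE-2022-46401 (ignore an out-of-order Pause Encryption Request and leave the pairing state untouched) and the invalid zero connection timeout behind CVE-2022-46399 can both be expressed as message-validation rules in a peripheral's state machine. The following is an added illustration, not Microchip firmware and not the researchers' test harness: a constructed toy peripheral that applies those two rules, with a naive mode that reproduces the stuck state the advisory describes. The message names, state set and supervision-timeout bounds are simplifying assumptions.

```python
"""Toy model of message-validation rules for a BLE peripheral (constructed example)."""
from dataclasses import dataclass, field
from enum import Enum, auto


class State(Enum):
    IDLE = auto()        # not connected
    CONNECTED = auto()   # link established, pairing not started
    PAIRING = auto()     # pairing exchange in progress
    PAIRED = auto()      # pairing complete, keys available
    ENCRYPTED = auto()   # link encrypted
    FAULT = auto()       # stuck state the advisory describes (naive mode only)


# Assumption: supervision timeout in 10 ms units; valid range modelled as 100 ms .. 32 s.
SUPERVISION_TIMEOUT_MIN = 10
SUPERVISION_TIMEOUT_MAX = 3200


@dataclass
class Peripheral:
    hardened: bool = True                  # True: validate; False: naive handling
    state: State = State.IDLE
    events: list = field(default_factory=list)

    def _note(self, outcome: str, detail: str) -> str:
        self.events.append((self.state.name, outcome, detail))
        return outcome

    def handle(self, msg: dict) -> str:
        """Process one central->peripheral message; return 'accepted', 'ignored' or 'rejected'."""
        if self.state is State.FAULT:
            return self._note("ignored", "stuck in FAULT; all further messages discarded")
        kind = msg["type"]
        if kind == "CONNECT_REQ":
            timeout = msg["supervision_timeout"]
            if self.hardened and not (SUPERVISION_TIMEOUT_MIN <= timeout <= SUPERVISION_TIMEOUT_MAX):
                return self._note("rejected", f"supervision timeout {timeout} out of range")
            self.state = State.CONNECTED
            return self._note("accepted", f"connected with supervision timeout {timeout}")
        if kind == "PAIRING_REQ":
            if self.state is not State.CONNECTED:
                return self._note("ignored", "pairing request while not connected")
            self.state = State.PAIRING
            return self._note("accepted", "pairing started")
        if kind == "PAIRING_COMPLETE":   # stands in for the confirm/random/key exchange
            if self.state is not State.PAIRING:
                return self._note("ignored", "pairing completion with no pairing in progress")
            self.state = State.PAIRED
            return self._note("accepted", "pairing complete")
        if kind == "PAUSE_ENC_REQ":
            if self.state is State.ENCRYPTED:
                self.state = State.PAIRED
                return self._note("accepted", "encryption paused")
            if self.hardened:
                # Advisory's correct behaviour: ignore the message, keep the current state.
                return self._note("ignored", "pause-encryption request before pairing complete")
            self.state = State.FAULT     # naive mode: enters the stuck state the advisory describes
            return self._note("rejected", "entered FAULT on unexpected pause-encryption request")
        if kind == "START_ENC":
            if self.state is not State.PAIRED:
                return self._note("ignored", "encryption start before pairing complete")
            self.state = State.ENCRYPTED
            return self._note("accepted", "link encrypted")
        return self._note("rejected", f"unknown message {kind}")


def run_session(hardened: bool, messages: list):
    """Feed a message sequence through a fresh peripheral; return (outcomes, final state)."""
    p = Peripheral(hardened=hardened)
    return [p.handle(m) for m in messages], p.state


# Constructed sequence: a pause-encryption request arrives while pairing is still in progress.
SESSION = [
    {"type": "CONNECT_REQ", "supervision_timeout": 200},
    {"type": "PAIRING_REQ"},
    {"type": "PAUSE_ENC_REQ"},
    {"type": "PAIRING_COMPLETE"},
    {"type": "START_ENC"},
]

if __name__ == "__main__":
    for hardened in (True, False):
        outcomes, final = run_session(hardened, SESSION)
        print("hardened" if hardened else "naive   ", outcomes, final.name)
```

In hardened mode the stray request is ignored and the session still reaches the encrypted state; in naive mode the peripheral enters FAULT and discards everything that follows, which is the unresponsiveness the advisory attributes to CVE-2022-46401. The same `handle` path rejects a connection request whose supervision timeout is zero.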
Note: Vulnerability #2, CVE-2022-46400, bypassing passkey entry in legacy pairing, was fixed in the latest firmware for all our Bluetooth Low Energy products. Please download the latest firmware from the product page of the affected device.