Microchip is aware of a Bluetooth Low Energy (BLE) security vulnerability named SweynTooth, originally published by the Singapore University of Technology and Design. The white paper detailing this vulnerability is available at the following link: https://asset-group.github.io/disclosures/sweyntooth/
Microchip takes security issues seriously and is currently working to understand the issue and provide solutions for our clients. We have determined that this vulnerability affects some of our BLE products. This page will provide the latest insight and will be updated regularly.
The table below lists Microchip products affected by SweynTooth and a proposed resolution.
The affected BLE devices may become unresponsive and may require a reset from the host microcontroller when attacked.
One of the most serious of the ten published vulnerabilities is CVE-2019-19194 (6.10). This vulnerability enables an attacker in range of the radio transmission to bypass the “Secure Connections” pairing mode. No Microchip devices are affected by the CVE-2019-19194 (6.10).