From Silicon Labs: New key negotiation protocol vulnerability detected for Bluetooth BR/EDR (Classic) products
About Symmetry Electronics Team
Established in 1998, Symmetry Electronics is a focused global distributor of wireless connectivity solutions, sensors, and audio-video technologies. Offering comprehensive design support and available-to-ship inventory, Symmetry is committed to helping engineers accelerate time to market, reduce costs, and offer modern solutions for their IoT designs. Acquired by Berkshire Hathaway company, TTI, Inc. in 2017, Symmetry Electronics is part of the Exponential Technology Group (XTG) – a supergroup of electronic component distributors and engineering services firms working together to advance the electronics industry. For more information, visit www.symmetryelectronics.com.
Last week, the Bluetooth SIG announced to its members an update about security vulnerability related to the encryption key negotiation protocols. According to the SIG, researchers of SUTD, CISPA and Oxford University identified a vulnerability with the encryption key negotiation protocol of Bluetooth BR/EDR. The attack makes it possible for a third party to make the victims to agree on an encryption key with only 1 byte (8 bits) of entropy, which then enables the attacker to brute force the negotiated encryption keys, decrypt the eavesdropped ciphertext, and inject valid encrypted messages in real-time. The attack is standard-compliant because all Bluetooth BR/EDR versions require to support encryption keys with entropy between 1 and 16 bytes and do not secure the key negotiation protocol. (More information about the details of the attack for example here www.knobattack.com)
Our Wireless Gecko Bluetooth products (Blue Gecko) and BLE112, BLE113, BLE113, BLE121LR and BLED112 module products are not affected by this issue because they are based on Bluetooth LE core specification which does not have this vulnerability.
Our Bluetooth BR/EDR (BT Classic) products, which include the WT12, WT11u, WT41u, WT32, WT32i, BT111 and BT121 modules, are vulnerable to this issue. We plan to release a patches which protect against this vulnerability during October 2019
Looking to integrate Silicon Labs products with your design? Our Applications Engineers offer free design and technical help for your latest designs. Contact us today!
About Symmetry Electronics Team
Established in 1998, Symmetry Electronics is a focused global distributor of wireless connectivity solutions, sensors, and audio-video technologies. Offering comprehensive design support and available-to-ship inventory, Symmetry is committed to helping engineers accelerate time to market, reduce costs, and offer modern solutions for their IoT designs. Acquired by Berkshire Hathaway company, TTI, Inc. in 2017, Symmetry Electronics is part of the Exponential Technology Group (XTG) – a supergroup of electronic component distributors and engineering services firms working together to advance the electronics industry. For more information, visit www.symmetryelectronics.com.