Search Symmetry

Close
  1. Home
  2. Symmetry Blog
  3. New key negotiation protocol vulnerability

From Silicon Labs: New key negotiation protocol vulnerability detected for Bluetooth BR/EDR (Classic) products

Symmetry Electronics Team in Blogs on October 27, 2019

About Symmetry Electronics Team

Established in 1998, Symmetry Electronics is a focused global distributor of wireless connectivity solutions, sensors, and audio-video technologies. Offering comprehensive design support and available-to-ship inventory, Symmetry is committed to helping engineers accelerate time to market, reduce costs, and offer modern solutions for their IoT designs. Acquired by the Berkshire Hathaway company TTI, Inc. in 2017, Symmetry Electronics is headquartered in Los Angeles with international offices in Mexico, Canada, and China.

Last week, the Bluetooth SIG announced to its members an update about security vulnerability related to the encryption key negotiation protocols. According to the SIG, researchers of SUTD, CISPA and Oxford University identified a vulnerability with the encryption key negotiation protocol of Bluetooth BR/EDR. The attack makes it possible for a third party to make the victims to agree on an encryption key with only 1 byte (8 bits) of entropy, which then enables the attacker to brute force the negotiated encryption keys, decrypt the eavesdropped ciphertext, and inject valid encrypted messages in real-time. The attack is standard-compliant because all Bluetooth BR/EDR versions require to support encryption keys with entropy between 1 and 16 bytes and do not secure the key negotiation protocol. (More information about the details of the attack for example here www.knobattack.com)

Our Wireless Gecko Bluetooth products (Blue Gecko) and BLE112, BLE113, BLE113, BLE121LR and BLED112 module products are not affected by this issue because they are based on Bluetooth LE core specification which does not have this vulnerability.

Our Bluetooth BR/EDR (BT Classic) products, which include the WT12, WT11u, WT41u, WT32, WT32i, BT111 and BT121 modules, are vulnerable to this issue. We plan to release a patches which protect against this vulnerability during October 2019

 

Source: https://www.silabs.com/community/blog.entry.html/2019/09/07/new_key_negotiationprotocolvulnerabilitydetecte-PzNQ

 

Looking to integrate Silicon Labs products with your design? Our Applications Engineers offer free design and technical help for your latest designs. Contact us today!

Share

Symmetry Electronics Team in Blogs on October 27, 2019

About Symmetry Electronics Team

Established in 1998, Symmetry Electronics is a focused global distributor of wireless connectivity solutions, sensors, and audio-video technologies. Offering comprehensive design support and available-to-ship inventory, Symmetry is committed to helping engineers accelerate time to market, reduce costs, and offer modern solutions for their IoT designs. Acquired by the Berkshire Hathaway company TTI, Inc. in 2017, Symmetry Electronics is headquartered in Los Angeles with international offices in Mexico, Canada, and China.

Why partner with Symmetry Electronics? Symmetry's technical staff is specially trained by our suppliers to provide a comprehensive level of technical support. Our in-house Applications Engineers provide free design services to help customers early in the design cycle, providing solutions to save them time, money and frustration. Contact Symmetry for more information.

Browse

See all tags

Subscribe

Stay up to date with industry and supplier news!