SweynTooth Bluetooth Low Energy Vulnerability

SweynTooth Vulnerability

Bluetooth® low energy

Dialog Semiconductor is aware of a Bluetooth low energy vulnerability named SweynTooth. This is published as a white paper by the Singapore University of Technology and Design. The white paper and a tool to reproduce this is available at the following link: https://asset-group.github.io/disclosures/sweyntooth/

The tool simulates a malicious attack and categorizes the level of vulnerability in the Bluetooth IC’s. Dialog Semiconductor Bluetooth devices were included in the investigation and found to be vulnerable to attacks that could force products to reset.

Dialog Semiconductor is taking action to provide solutions to our customers. Below is a list of the Dialog Bluetooth Low Energy devices describing how these are affected by the Sweyntooth vulnerabilities.

The vulnerabilities affecting Dialog devices do not let the attacker inject code into memory to by-pass the available Bluetooth security mechanism.

For any enquiries, please contact your Dialog sales representative.

The table below will be updated as the situation develops. 

Device SDK Vulnerability Resolution Status/plan
DA14580/DA14581/DA14583 SDK3.0.x CVE-2019-17517 Hotfix release. Contact your Dialog sales representative. March 20, 2020
SDK5.0.4 CVE-2019-17517 Hotfix release available on-line March 20, 2020
DA14585/DA14586 SDK6.0.12 CVE-2019-17517 Hotfix release available on-line March 6, 2020

 

SDK6.0.14 CVE-2019-17517 New SDK release April 2020
DA14680/DA14681/
DA14682/DA14683
SDK1.0.14 CVE-2019-17518 Hotfix release available on-line Feb 28, 2020
DA1469x SDK10.0.4 CVE-2019-17518 Upgrade to newer SDK -
SDK10.0.6 Not affected - -
SDK10.0.8 Not affected - -
DA14531 SDK6.0.12 Not affected - -