The Bluetooth SIG released an errata for the 4.2 and 5.0 versions of Bluetooth specification on July 23rd relating to a potential vulnerability with the pairing procedures.
For Bluetooth low energy; this only impacts the low energy secure connections mode of pairing, or LESC. LESC is using Diffie Helman key exchange and the potential vulnerability has to do with key validation not bein a mandatory feature in the previous releases of the specification.
Nordic Semiconductor is taking security very serious and we already mitigated this attack in the nRF5 SDK release 15 back in March 2018.
For more information please check out our the white paper about this issue on the infocenter
Hi, this is described in the whitepaper linked to in the original post.
I am using S332 in a new project and I am tied to SDK 14.2. What's the suggested mitigation in this case? Thanks!
wow computer computers for senior citizens canon support
Can I connect my wow computer with Bluetooth device?
with Bluetooth there are different security levels. If you want the highest level of security you will need to use some kind of code during pairing. This is needed to get Man In The Middle (MITM) protection. You can make solutions without codes (display/keyboard less applications) but then you will lack the MITM protection and you will not have the highest security level.