
Are BLE SoftDevices security audited?

Hi,

We are thinking about using the nRF52 with the BLE SoftDevice in a security-relevant application. As the SoftDevice is not available as source code, no reasonable security audit can be performed.

Is Nordic performing such audits or making any claim regarding the security of SoftDevices?

  • Nordic’s SoftDevice has been independently audited in cooperation with lead customers in the medical product field. In these cases, Nordic SoftDevices, and our development and quality processes, have been approved to their standards. We cannot release the reports from these audits publicly.

    Nordic claims our SoftDevices are qualified Bluetooth Low Energy implementations adhering to, and tested against, all requirements with regard to security. In addition, Nordic tests SoftDevices for valid and invalid application and peer behavior towards the API and wireless interfaces.

    If you would like to identify yourself to one of our Regional Sales Managers, we would be prepared to answer any further specific questions.

  • Thank you. Could the ARM Cortex-M4 MPU or the nRF52 MWU be used to ensure that the SoftDevice cannot access the application space (code, data) and defined output pins of the nRF52, so that audited security could be added in the application space with guaranteed separation, even if a code execution exploit did exist in the SoftDevice?
