Impact of Blueborne vulnerability?

It's pretty much exclusively based on bugs of specific rich OS systems (Linux, Windows, one iOS bug) and all shown with Classic (BR/EDR) Bluetooth stack. No glimpse of systematic BLE vulnerability or attacks on LE stacks so hard to say how it should be applicable to Nordic products...

Hi,

Under "What Devices Are Affected?", it's mentioned that products/wearables using Bluetooth Low Energy is not affected. Since the only Bluetooth solution Nordic support is Bluetooth Low Energy(and not Classic/BR/EDR), that means that Nordic is not affected by this.

Also note that Google released a patch for Android devices on Tuesday of last week; Linux and Microsoft released patches this Tuesday.

EDIT:

Armis Labs has found 8 vulnerabilities, collectively affecting Windows, iOS, and Linux-kernel-based operating systems. The Bluetooth stack Nordic uses, the SoftDevice, is a separate stack and does not use any part of the affected Bluetooth stacks. The vulnerabilities found by Armis Labs, is not found in the SoftDevice.

Also see Håkon's answer in this post.

Quote:

There has been no mention of finding firmware issues with the LE peer device in their report, and the list of vulnerabilities are directly related to classic bluetooth.

You are quoting a section of the document that refers to Android wearables. The vulnerabilities affect Bluetooth classic as well as BLE. This could well be a problem for Nordic, and requires a response from them.

Can we please get a more considered response from Nordic on the vulnerabilities that make up BlueBorne?

See the detail behind the L2CAP vulnerability in the white paper.

Is the L2CAP protocol layer part of the Nordic BLE implementation? If so, what guarantee is there that the vulnerability demonstrated in the BlueZ stack implementation doesn't also affect the Nordic stack?