BlueBorne treat

Hi,

This is quoted directly from Armis' website, which is the security company that found several vulnerabilities including "Blueborne"[1]:

The vulnerabilities disclosed by Armis affect all devices running on Android, Linux, Windows, and pre-version 10 of iOS operating systems, regardless of the Bluetooth version in use.

There has been no mention of finding firmware issues with the LE peer device in their report[2], and the list of vulnerabilities are directly related to classic bluetooth (except section "Apple’s​ ​LEAP​ ​-​ ​RCE​ ​in​ ​Apple’s​ ​Low​ ​Energy​ ​Audio​ ​Protocol​ ​-​ ​CVE-2017-14315", which is a overflow vulnerability in a specific service in iOS 9 and lower).

[1] www.armis.com/.../

[2] go.armis.com/blueborne-technical-paper

Cheers, Håkon

Hi,

This is quoted directly from Armis' website, which is the security company that found several vulnerabilities including "Blueborne"[1]:

The vulnerabilities disclosed by Armis affect all devices running on Android, Linux, Windows, and pre-version 10 of iOS operating systems, regardless of the Bluetooth version in use.

There has been no mention of finding firmware issues with the LE peer device in their report[2], and the list of vulnerabilities are directly related to classic bluetooth (except section "Apple’s​ ​LEAP​ ​-​ ​RCE​ ​in​ ​Apple’s​ ​Low​ ​Energy​ ​Audio​ ​Protocol​ ​-​ ​CVE-2017-14315", which is a overflow vulnerability in a specific service in iOS 9 and lower).

[1] www.armis.com/.../

[2] go.armis.com/blueborne-technical-paper

Cheers, Håkon

The L2CAP vulnerability mentioned in their [whitepaper](go.armis.com/.../BlueBorne Technical White Paper-1.pdf) is part of the BLE stack. Is the Nordic softdevice at risk from vulnerabilities like this?

The vulnerabilities mentioning L2CAP are specific to the behavior in certain classic BR/EDR profiles (BNEP and SDP), and we only support bluetooth LE in our chipsets.