This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

Why is not effect BlueBorne Vulnerability to SoftDevice

Arms labs published some Bluetooth stack vulnerability go.armis.com/.../BlueBorne Technical White Paper-1.pdf

Nordic answered that BlueBorce is no effect for LE.

Aims labs report say that these vulnerabilities are buffer region check error.

The vulnerabilities found by Armis Labs, is not found in the SoftDevice

Does this mean that the implementation of SoftDevice check buffer size every time?

  • Hi,

    Nordic is not affected by the Blueborne vulnerabilities. The Blueborne vulnerabilities are weaknesses found in specific implementations in different types of code. It is not a vulnerability in the Bluetooth specification itself, but in how different companies have implemented the specification. The SoftDevice is a total different code, it’s a stack with it’s own implementation and it don’t have any of the weakness found in Blueborne.

    In computer science, a data buffer (or just buffer) is a region of a physical memory storage used to temporarily store data while it is being moved from one place to another. It a very generic term, and buffers are used in almost all computer programs. It's good practice to check the buffer size before doing an operation with any of the data stored in a buffer, and that is a common practice used in the SoftDevice.

Related