As mentioned in this article are these vulnerabilities addressed in Nordic Semiconductor's products?
https://thehackernews.com/2020/02/hacking-bluetooth-vulnerabilities.html
Best regards,
Vishnu Pradeep
As mentioned in this article are these vulnerabilities addressed in Nordic Semiconductor's products?
https://thehackernews.com/2020/02/hacking-bluetooth-vulnerabilities.html
Best regards,
Vishnu Pradeep
Final update:
The investigation is now finished.
Nordic has determined:
- nRF51 SoftDevices are NOT affected by these attacks (S110, S120, S130 all versions)
- nRF52 SoftDevices are NOT affected by these attacks (S112, S113, S132, S140 all versions)
Is there an official communicate from Nordic regarding this assessment?
Is there an official communicate from Nordic regarding this assessment?
All vulnerabilities have registered CVEs and are documented here:
https://asset-group.github.io/disclosures/sweyntooth/sweyntooth.pdf
All CVEs identify the hardware and software platforms affected. Nordic is not documented as an affected platform.
The fact that our devices and software are unaffected is evidenced in the fact we are not identified in the CVEs. We do not need to issue an official statement to verify this, it can be independently verified by anyone as the CVE database is public.
In general:
I recommend to regularly check the PCN and IN section on infocenter, if there are any information we want you to be aware it will be listed there, for instance check out for the nRF52832 here:
https://infocenter.nordicsemi.com/topic/struct_nrf52/struct/nrf52832_pcn.html
At the same time check out the Errata section for any new issues that may have been identified that you should consider to handle in your application:
https://infocenter.nordicsemi.com/topic/struct_nrf52/struct/nrf52832_errata.html
Based on your input above and the non-existence of a security IN for nRF8001, I assume that nRF8001 is also deemed not affected by SweynTooth.