https://devzone.nordicsemi.com/f/nordic-q-a/59134/a-suite-of-vulnerabilities-related-to-devices-using-low-energy-ble-wireless-communications-protocolGood afternoon, Today we had a question about the certification of our product related to the reliability of communication. We received a letter of the following content: I would like to receive your comments regarding the detected vulnerabilitiesen-USTelligent Community 13Mon, 23 Mar 2020 08:45:03 GMThttps://devzone.nordicsemi.com/thread/241045?ContentTypeID=1Mon, 23 Mar 2020 08:45:03 GMT137ad170-7792-4731-bb38-c0d22fbe4515:491d8912-52f6-4aea-bd77-82195a4d0794CheMax<p>Hi,&nbsp;below the contents of the letter:</p> <p><pre class="ui-code" data-mode="text">Hi Maxim, All vulnerabilities have registered CVEs and are documented here: https://asset-group.github.io/disclosures/sweyntooth/sweyntooth.pdf All CVEs identify the hardware and software platforms affected. Nordic is not documented as an affected platform. The fact that our devices and software are unaffected is evidenced in the fact we are not identified in the CVEs. We do not need to issue an official statement to verify this, it can be independently verified by anyone as the CVE database is public. MACIEJ MICHNA | Regional Sales Manager M +48 600 439 203 | Krak&#243;w, Poland nordicsemi.com | devzone.nordicsemi.com </pre></p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/241021?ContentTypeID=1Mon, 23 Mar 2020 03:22:19 GMT137ad170-7792-4731-bb38-c0d22fbe4515:b56b6cda-faff-4e22-bc72-4acda014925chad23j<p><a href="https://devzone.nordicsemi.com/members/chemax">CheMax</a> were you able to get a document to prove that&nbsp;<span>nRF52 BLE stacks are&nbsp;</span><strong>not&nbsp;</strong><span>affected by&nbsp;</span><strong>any&nbsp;</strong><span>of the sweyntooth&nbsp;vulnerabilities ?</span></p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/240019?ContentTypeID=1Mon, 16 Mar 2020 13:17:21 GMT137ad170-7792-4731-bb38-c0d22fbe4515:7210ef7f-3c26-4bd6-972e-dc359f925d85CheMax<p>Ok, thanks.</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/240010?ContentTypeID=1Mon, 16 Mar 2020 13:03:32 GMT137ad170-7792-4731-bb38-c0d22fbe4515:3bfb9406-13ea-4a9a-a840-4e120f824e85Simonr<p>Hi</p> <p>Please contact your local RSM for more details on what tests we did to confirm that we are not affected by these vulnerabilities.&nbsp;</p> <p>Best regards,</p> <p>Simon</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/239958?ContentTypeID=1Mon, 16 Mar 2020 10:58:44 GMT137ad170-7792-4731-bb38-c0d22fbe4515:e1dcea9e-1fe8-4e67-98af-d873816113edCheMax<p>Hi Simon,</p> <p>Thanks for very fast answer.&nbsp;</p> <p>It is wonderful that there are no vulnerabilities. In the article, as I understand it, not all manufacturers are listed, for example, the same Silabs are also absent.<br />How can you confirm your assurances to the auditors if they have questions?<br />Unfortunately they may not believe a word :(</p> <p>Best regards</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/239954?ContentTypeID=1Mon, 16 Mar 2020 10:47:24 GMT137ad170-7792-4731-bb38-c0d22fbe4515:2eae7ce2-7289-46e8-809b-d0ea9e236831Simonr<p>Hi Max</p> <p>We&#39;ve tested these vulnerabilities up against our BLE devices, and we&#39;ve found that our integration and system tests have been testing all the sequences of transactions that have been used to explore the vulnerabilities in the BLE chips. These tests have been in our system for years. This means that&nbsp;<strong>all&nbsp;</strong>versions of our nRF51 and nRF52 BLE stacks are&nbsp;<strong>not&nbsp;</strong>affected by&nbsp;<strong>any&nbsp;</strong>of these vulnerabilities.&nbsp;<strong></strong>As you can see in the article in question, Nordic Semiconductor is not mentioned as one of the affected devices.</p> <p>Best regards,</p> <p>Simon</p><div style="clear:both;"></div>