BD is aware of, and is not impacted by, the twelve SweynTooth vulnerabilities that were recently reported by the FDA and ICS-CERT. These vulnerabilities impact Bluetooth Low Energy (BLE) Software Development Kits (SDKs), the technology that allows devices to ‘pair’ and exchange information while also prolonging battery life in devices with different power consumption and usage capabilities. Additionally, these vulnerabilities exist in specific BLE system-on-a-chip (SoC) implementations and may allow an unauthenticated user within radio range to cause deadlocks, crashes, buffer overflows, or completely bypass security on affected systems, which could lead to a denial of service.
The vulnerable versions of BLE include 5.0, 5.1, 4.2, and 4.1. The impacted SoC vendor SDKs include, but are not limited to, Cypress, Texas Instruments, Telink, STMicroelectronics, Dialog, NXP, and Microchip.