BD Products Are Not Impacted by Recently Announced SweynTooth Vulnerabilities

Background

BD is aware of, and is not impacted by, the twelve SweynTooth vulnerabilities that were recently reported by the FDA and ICS-CERT. These vulnerabilities impact Bluetooth Low Energy (BLE) Software Development Kits (SDKs), the technology that allows devices to ‘pair’ and exchange information while also prolonging battery life in devices with different power consumption and usage capabilities. Additionally, these vulnerabilities exist in specific BLE system-on-a-chip (SoC) implementations and may allow an unauthenticated user within radio range to cause deadlocks, crashes, buffer overflows, or completely bypass security on affected systems, which could lead to a denial of service.

The vulnerable versions of BLE include 5.0, 5.1, 4.2, and 4.1. The impacted SoC vendor SDKs include, but are not limited to, Cypress, Texas Instruments, Telink, STMicroelectronics, Dialog, NXP, and Microchip.

Response

After thorough analysis, BD Product Teams have concluded that no BD products contain BLE SoCs; therefore, BD products are not impacted by the SweynTooth vulnerabilities (ICS-ALERT-20-063-01).