From Silicon Labs: New key negotiation protocol vulnerability detected for Bluetooth BR/EDR (Classic) products
About Symmetry Electronics
Established in 1998, Symmetry Electronics, a Division of Braemac, is a global distributor of electronic components and systems. Combining premier components and comprehensive value-added services with an expert in-house engineering team, Symmetry supports engineers in the design, development, and deployment of a broad range of connected technologies.
Exponential Technology Group Member
Acquired by Berkshire Hathaway company TTI, Inc. in 2017, Symmetry Electronics is a proud Exponential Technology Group (XTG) member. A collection of specialty semiconductor distributors and engineering design firms, XTG stands alongside industry leaders TTI Inc., Mouser Electronics, and Sager Electronics. Together, we provide a united global supply chain solution with the shared mission of simplifying engineering, offering affordable technologies, and assisting engineers in accelerating time to market. For more information about XTG, visit www.xponentialgroup.com.
Last week, the Bluetooth SIG announced to its members an update about security vulnerability related to the encryption key negotiation protocols. According to the SIG, researchers of SUTD, CISPA and Oxford University identified a vulnerability with the encryption key negotiation protocol of Bluetooth BR/EDR. The attack makes it possible for a third party to make the victims to agree on an encryption key with only 1 byte (8 bits) of entropy, which then enables the attacker to brute force the negotiated encryption keys, decrypt the eavesdropped ciphertext, and inject valid encrypted messages in real-time. The attack is standard-compliant because all Bluetooth BR/EDR versions require to support encryption keys with entropy between 1 and 16 bytes and do not secure the key negotiation protocol. (More information about the details of the attack for example here www.knobattack.com)
Our Wireless Gecko Bluetooth products (Blue Gecko) and BLE112, BLE113, BLE113, BLE121LR and BLED112 module products are not affected by this issue because they are based on Bluetooth LE core specification which does not have this vulnerability.
Our Bluetooth BR/EDR (BT Classic) products, which include the WT12, WT11u, WT41u, WT32, WT32i, BT111 and BT121 modules, are vulnerable to this issue. We plan to release a patches which protect against this vulnerability during October 2019
Looking to integrate Silicon Labs products with your design? Our Applications Engineers offer free design and technical help for your latest designs. Contact us today!
About Symmetry Electronics
Established in 1998, Symmetry Electronics, a Division of Braemac, is a global distributor of electronic components and systems. Combining premier components and comprehensive value-added services with an expert in-house engineering team, Symmetry supports engineers in the design, development, and deployment of a broad range of connected technologies.
Exponential Technology Group Member
Acquired by Berkshire Hathaway company TTI, Inc. in 2017, Symmetry Electronics is a proud Exponential Technology Group (XTG) member. A collection of specialty semiconductor distributors and engineering design firms, XTG stands alongside industry leaders TTI Inc., Mouser Electronics, and Sager Electronics. Together, we provide a united global supply chain solution with the shared mission of simplifying engineering, offering affordable technologies, and assisting engineers in accelerating time to market. For more information about XTG, visit www.xponentialgroup.com.