
Bluetooth SDK

ToKo_4602001

Bluetooth SIG has announced some security notices on the following URL.

https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security...

Please let me know if CYW20819 has the issue related to CVE-2020-26555 and CVE-2020-26558 or not.

If yes, I'd like to get the patches or workaround.

 

Thanks

DheerajPK_41

Hi,

Regarding CVE-2020-26555, the suggestion from the SIG is:
"The Bluetooth SIG is recommending that potentially vulnerable devices not initiate or accept connections from remote devices claiming the same BD_ADDR as the local device. The Bluetooth SIG continues to recommend that devices use Secure Simple Pairing or BR/EDR Secure Connections to avoid known vulnerabilities with legacy BR/EDR pairing."

So here, customers can implement logic in their applications to reject the legacy pairing PIN request when it finds that the remote BD address is the same as the local one.

 

Thanks,

-Dheeraj
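
The check described in the reply above, as an added example that is not part of the original post and is not Infineon or BTSDK code. It is stack-agnostic C: the type, event and verdict names are hypothetical and would be mapped onto the application's own Bluetooth management callback, and it extends the PIN-request check to connection events as the quoted SIG guidance suggests.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BD_ADDR_LEN 6
typedef uint8_t bd_addr_t[BD_ADDR_LEN];

/* Hypothetical event and verdict names; map them to your stack's callbacks. */
typedef enum { EV_INCOMING_CONN, EV_OUTGOING_CONN, EV_LEGACY_PIN_REQ } bt_event_t;
typedef enum { BT_ALLOW, BT_REJECT_OWN_ADDR, BT_REJECT_LEGACY } bt_verdict_t;

typedef struct {
    bd_addr_t local;          /* address read from the controller at startup */
    bool allow_legacy_pin;    /* false: only SSP / Secure Connections pairing */
    unsigned own_addr_hits;   /* peers seen claiming our address, for logging */
} bt_policy_t;

/* Decide what to do with an event that involves the peer address `remote`. */
bt_verdict_t bt_policy_check(bt_policy_t *p, bt_event_t ev, const bd_addr_t remote)
{
    /* SIG guidance for CVE-2020-26555: never connect to, accept, or pair with
       a peer that claims the local BD_ADDR. Both arrays are assumed to use
       the same byte order. */
    if (memcmp(p->local, remote, BD_ADDR_LEN) == 0) {
        p->own_addr_hits++;
        return BT_REJECT_OWN_ADDR;
    }
    /* Optional hardening: refuse legacy PIN pairing altogether. */
    if (ev == EV_LEGACY_PIN_REQ && !p->allow_legacy_pin)
        return BT_REJECT_LEGACY;
    return BT_ALLOW;
}

int main(void)
{
    /* Constructed sample addresses, not taken from any real device. */
    bt_policy_t p = { {0x00, 0x11, 0x22, 0x33, 0x44, 0x55}, true, 0 };
    const bd_addr_t peer  = {0x00, 0x11, 0x22, 0x33, 0x44, 0x56};
    const bd_addr_t clone = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55};
    static const char *names[] = { "ALLOW", "REJECT_OWN_ADDR", "REJECT_LEGACY" };

    printf("pin req, other peer : %s\n", names[bt_policy_check(&p, EV_LEGACY_PIN_REQ, peer)]);
    printf("pin req, own address: %s\n", names[bt_policy_check(&p, EV_LEGACY_PIN_REQ, clone)]);
    printf("incoming, own addr  : %s\n", names[bt_policy_check(&p, EV_INCOMING_CONN, clone)]);
    p.allow_legacy_pin = false;
    printf("pin req, SSP-only   : %s\n", names[bt_policy_check(&p, EV_LEGACY_PIN_REQ, peer)]);
    return 0;
}
```

In a real application the `BT_REJECT_*` verdicts would translate into a negative PIN reply or a rejected connection through the stack's own API.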
