Industry news on potential Bluetooth vulnerabilities

Other Parts Discussed in Thread: CC2564C, BLE-STACK, CC2640, CC2650, CC1352R, CC1350
  • TI is aware of the recent announcement regarding a potential vulnerability that may be present during initial pairing with certain Bluetooth®-enabled devices. Like many other companies, we are actively working with the Bluetooth Special Interest Group (SIG) and our software partners to understand and verify the issue, and identify potential mitigation paths. 
  • As described in the Bluetooth SIG’s announcement, several factors may need to be present for this vulnerability to be intentionally exploited:

–         The attack attempt must occur while the devices are in the initial pairing or provisioning process

–         Both sides of the Bluetooth-linked products need to be vulnerable (if one side of the link performs public key validation, the attack cannot be exploited)

–         Attacker must be in close physical proximity to the pairing devices

–         Multiple attempts are usually required

 

  • TI has identified that certain TI Bluetooth and Bluetooth Low Energy (BLE) wireless MCU devices may be affected:

–         TI BLE Stack: CC26xx and CC13xx families

–         TI Dual-Mode Bluetooth Stack for BLE: CC2564C, and WL18xx devices

–         TI Dual-Mode Bluetooth Service Pack for BT Classic: CC2564x, WL18xx, and WL12xx devices

  • Customers using these devices should reference information available from Bluetooth SIG to understand more about the nature of this potential vulnerability and to determine whether their application is affected based on how it is being used. The level of action needed will likely vary depending on the use-case of each end-product. 
  • Below is information on software updates available for TI devices implementing Bluetooth Erratum 10734.

–         Software updates for several TI BLE-Stack devices have already been deployed in the latest SDK available:

–         Software updates have also now been released for the following TI Dual-mode device families. Please feel free to subscribe for any future updates by clicking the “Alert Me” button through the links below for each device type implemented.

–         For information on other devices implemented that are not listed above, please contact bt_ble_fcic@list.ti.com.
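
The post notes that the attack cannot succeed if one side of the link performs public key validation. The following is an added example, not code from TI or the Bluetooth SIG, showing what that check amounts to for a peer's ECDH public key before any shared secret is computed. It assumes the NIST P-256 curve and 32-byte little-endian coordinates; all function names are hypothetical.

```python
"""Peer ECDH public key validation on NIST P-256 (added example)."""

# NIST P-256 domain parameters (public constants from FIPS 186).
P = 2**256 - 2**224 + 2**192 + 2**96 - 1
A = P - 3
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
GX = 0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296
GY = 0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5
COORD_LEN = 32


def decode_coord(raw: bytes) -> int:
    """Decode one coordinate; little-endian byte order is an assumption."""
    if len(raw) != COORD_LEN:
        raise ValueError("coordinate must be exactly 32 bytes")
    return int.from_bytes(raw, "little")


def encode_coord(n: int) -> bytes:
    """Helper used to build the constructed sample keys below."""
    return n.to_bytes(COORD_LEN, "little")


def is_valid_public_key(x_raw: bytes, y_raw: bytes) -> bool:
    """Return True only if (x, y) is a usable point on P-256."""
    try:
        x, y = decode_coord(x_raw), decode_coord(y_raw)
    except ValueError:
        return False
    # Coordinates must be reduced field elements.
    if x >= P or y >= P:
        return False
    # Curve equation: y^2 = x^3 + a*x + b (mod p).
    # P-256 has cofactor 1, so an on-curve affine point has full order.
    return (y * y - (x * x * x + A * x + B)) % P == 0


def handle_peer_key(x_raw: bytes, y_raw: bytes) -> str:
    """Hypothetical pairing hook: reject the key before any ECDH step."""
    return "continue" if is_valid_public_key(x_raw, y_raw) else "abort_pairing"


if __name__ == "__main__":
    # Constructed samples: the curve's base point, and the same x with y altered.
    good = (encode_coord(GX), encode_coord(GY))
    bad = (encode_coord(GX), encode_coord(GY + 1))
    print(handle_peer_key(*good), handle_peer_key(*bad))
```

The check has to run on every received public key, and a failed check should end the pairing attempt rather than fall back to another method.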