
[FAQ] Bluetooth® Low Energy spoofing attack (BLESA) – TI Statement

Other Parts Discussed in Thread: BLE-STACK, CC2541, CC2540, CC2650, CC2640

Summary:

TI is aware of the recently reported Bluetooth® Low Energy spoofing attack (BLESA) vulnerability, which may occur within certain, allowable use of Bluetooth Low Energy. Customer applications that use TI CC26xx, CC13xx or CC254x devices should use available services in the TI Bluetooth Low Energy SDKs to apply recommended mitigations as noted below. Customer applications that use TI dual-mode Bluetooth devices (CC2564x, WL18xx) should use the available services in the Bluetopia Stack as described in the suggested mitigations below.

The BLESA vulnerability describes two scenarios in which the attack may succeed:
1. Bonding was previously established between two devices, and the Generic Attribute Profile (GATT) client trusts a server response to a service request even though the link does not carry the required encryption, authentication or authorization.
2. The GATT client continues on an unencrypted link with the server when the encryption request to the previously bonded device fails.

Suggested mitigations:

Based on the current analysis of the vulnerability, the recommended mitigation is for the application to ensure that any access to GATT characteristics that require an encrypted, authenticated or authorized link cannot succeed without the needed security restrictions being enforced at the service level. The recommended mitigation applies to applications that incorporate the Generic Access Profile (GAP) central role, which should (i) initiate encryption once a connection is established with a previously bonded device and (ii) if the encryption procedure fails because the peer does not have the long term key (LTK), either re-initiate pairing or terminate the link.

The GAP Bond Manager in the TI Bluetooth Low Energy SDKs for CC26xx/13xx and CC254x devices (see the SDK links in the table below) provides the services needed to apply the recommended mitigations in the application. The GAP Bond Manager initiates encryption with previously bonded devices and lets the application configure the device to either initiate pairing again or terminate the link by setting the gapBond_BondFailOption parameter.

SDK | SDK Link
CC2640R2 SDK BLE-STACK | https://www.ti.com/tool/SIMPLELINK-CC2640R2-SDK
CC2640R2 SDK BLE5-STACK | https://www.ti.com/tool/SIMPLELINK-CC2640R2-SDK
CC13X2-26X2-SDK, BLE5-STACK | https://www.ti.com/tool/SIMPLELINK-CC13X2-26X2-SDK
BLE-STACK (support for CC2540/CC2541) | https://www.ti.com/tool/BLE-STACK
BLE-STACK (support for CC2640/CC2650) | https://www.ti.com/tool/BLE-STACK
CC13x0 SDK, BLE-STACK | https://www.ti.com/tool/SIMPLELINK-CC13X0-SDK

The Bluetopia stack for TI dual-mode Bluetooth devices (CC2564x, WL18xx) provides the services mentioned above at the application level. The application may initiate encryption with a previously bonded device by calling the Bluetopia stack API "HCI_LE_Start_Encryption()". The Bluetopia stack notifies the application asynchronously of the result of the encryption procedure through the event notifications "etEncryption_Change_Event" and "etEncryption_Key_Refresh_Complete_Event". In the event of a failure, an error code is returned and the application may terminate the bonding/link and initiate a new pairing procedure.
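As an added example (not TI's code and not the GAP Bond Manager or Bluetopia API), the following stack-agnostic C model shows the two mitigations described above for both stacks: the server-side permission check on protected characteristics, and the central's policy when encryption with a previously bonded peer fails. Only the three ATT error codes are Bluetooth Core values; every other name is constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>

/* Added example, not TI or Bluetopia code: a stack-agnostic model of the
 * two BLESA mitigations. Only the three ATT error codes below are Bluetooth
 * Core values; every other name is constructed for illustration. */

/* ATT error codes from the Bluetooth Core specification (Vol 3, Part F). */
#define ATT_ERR_INSUFFICIENT_AUTHEN  0x05
#define ATT_ERR_INSUFFICIENT_AUTHOR  0x08
#define ATT_ERR_INSUFFICIENT_ENCRYPT 0x0F

/* Constructed characteristic permission bits. */
enum { PERM_ENCRYPT = 1, PERM_AUTHEN = 2, PERM_AUTHOR = 4 };

/* Security state of the link as the GATT server sees it. */
typedef struct {
    bool encrypted;      /* LTK-based link encryption is active */
    bool authenticated;  /* the key came from MITM-protected pairing */
    bool authorized;     /* the application granted this peer access */
} link_sec_t;

/* Mitigation 1 (server side): a characteristic that requires security is
 * only served over a link that already has it. Returns 0 to allow the
 * request, otherwise the ATT error code to send back to the client. */
uint8_t gatt_check_access(uint8_t perms, const link_sec_t *link)
{
    if ((perms & PERM_ENCRYPT) && !link->encrypted)
        return ATT_ERR_INSUFFICIENT_ENCRYPT;
    if ((perms & PERM_AUTHEN) && !(link->encrypted && link->authenticated))
        return ATT_ERR_INSUFFICIENT_AUTHEN;
    if ((perms & PERM_AUTHOR) && !link->authorized)
        return ATT_ERR_INSUFFICIENT_AUTHOR;
    return 0;
}

/* Mitigation 2 (central side): policy for a previously bonded peer once the
 * encryption request has completed. FAIL_NO_ACTION, which keeps talking on
 * an unencrypted link, is the behaviour BLESA relies on; the other two are
 * the options the statement above recommends. */
typedef enum { FAIL_NO_ACTION, FAIL_INITIATE_PAIRING, FAIL_TERMINATE_LINK } fail_action_t;
typedef enum { LINK_ENCRYPTED, LINK_UNENCRYPTED, LINK_REPAIR, LINK_TERMINATE } link_outcome_t;

link_outcome_t on_bonded_encryption_result(bool encrypt_ok, fail_action_t action)
{
    if (encrypt_ok)
        return LINK_ENCRYPTED;
    switch (action) {
    case FAIL_INITIATE_PAIRING: return LINK_REPAIR;      /* negotiate a new LTK */
    case FAIL_TERMINATE_LINK:   return LINK_TERMINATE;   /* drop the connection */
    default:                    return LINK_UNENCRYPTED; /* vulnerable: avoid */
    }
}
```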

Bluetopia Stack | Bluetopia Stack Link
BluetopiaPM stack for Linux environments | https://www.ti.com/tool/TI-BT-4-2-STACK-LINUX-ADDON
Bluetopia for STM32F4 MCU | https://www.ti.com/tool/CC2564CSTBTBLESW
Bluetopia for MSP432 MCU | https://www.ti.com/tool/CC2564CMSP432BTBLESW

IMPORTANT NOTICE AND DISCLAIMER

TI PROVIDES TECHNICAL AND RELIABILITY DATA (INCLUDING DATASHEETS), DESIGN RESOURCES (INCLUDING REFERENCE DESIGNS), APPLICATION OR OTHER DESIGN ADVICE, WEB TOOLS, SAFETY INFORMATION, AND OTHER RESOURCES “AS IS” AND WITH ALL FAULTS, AND DISCLAIMS ALL WARRANTIES, EXPRESS AND IMPLIED, INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT OF THIRD PARTY INTELLECTUAL PROPERTY RIGHTS.

These resources are intended for skilled developers designing with TI products. You are solely responsible for (1) selecting the appropriate TI products for your application, (2) designing, validating and testing your application, and (3) ensuring your application meets applicable standards, and any other safety, security, or other requirements. These resources are subject to change without notice. TI grants you permission to use these resources only for development of an application that uses the TI products described in the resource. Other reproduction and display of these resources is prohibited. No license is granted to any other TI intellectual property right or to any third party intellectual property right. TI disclaims responsibility for, and you will fully indemnify TI and its representatives against, any claims, damages, costs, losses, and liabilities arising out of your use of these resources. TI’s products are provided subject to TI’s Terms of Sale (https://www.ti.com/legal/terms-of-sale.html) or other applicable terms available either on ti.com or provided in conjunction with such TI products. TI’s provision of these resources does not expand or otherwise alter TI’s applicable warranties or warranty disclaimers for TI products.

Mailing Address: Texas Instruments, Post Office Box 655303, Dallas, Texas 75265

Copyright © 2020, Texas Instruments Incorporated