• Locked Locked
  • Replies 1 reply
  • Subscribers 40 subscribers
  • Views 927 views
  • Users 0 members are here
Support feedback
Options
Options
Similar topics

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

Advisory : "Blueborne" attack vector

Vihang Parmar
Mastermind 29250 points

TI’s Connected MCU business has reviewed the "BlueBorne" white paper published by Armis Labs and the CVEs published in the white paper listed below:

  • Linux kernel RCE vulnerability - CVE-2017-1000251
  • Linux Bluetooth stack (BlueZ) information Leak vulnerability - CVE-2017-1000250
  • Android information Leak vulnerability - CVE-2017-0785
  • Android RCE vulnerability #1 - CVE-2017-0781
  • Android RCE vulnerability #2 - CVE-2017-0782
  • The Bluetooth Pineapple - Logical Flaw CVE-2017-0783 & CVE-2017-8628
  • RCE in Apple’s Low Energy Audio Protocol - CVE-2017-14315.

Based on an internal review, our assessment is that these vulnerabilities/exploits are not applicable to the following TI Bluetooth® products:

  • TI Dual-Mode Bluetooth Stack, TI’s officially supported Bluetooth stack used on supported host processors in conjunction with the CC256x, and WL18xx families of Bluetooth controllers.
  • TI BLE-Stack used in conjunction with the CC254x, CC26xx, and CC13xx families of Bluetooth low energy (BLE) wireless MCUs.

More specifically, these CVEs pertain to implementations of Bluetooth Classic (BR/EDR) protocol stack components on the host OS systems listed in the white paper (i.e., Windows, Linux, Android, Tizen and pre Apple iOS 10). In CVE-2017-14315, the published exploit requires a classic BT connection according to the white paper (in addition to supporting Apple’s Low Energy Audio Protocol). The white paper did not demonstrate any vulnerability with the Bluetooth protocol (Classic or LE) itself, but rather how these host systems have implemented components of the protocol stack. 

When using TI Bluetooth controllers with Bluetooth stacks provided or supported by a third party, please consult your third party Bluetooth stack supplier with any additional questions you may have about Armis Labs’ paper.

It is important to remember that the security of end equipment is the customer’s responsibility and requires customer system designers to carefully design, validate, and test actual applications at each stage of development, taking into conditions those applications may encounter. You can learn more about TI’s Security Enablers to help you develop applications at www.ti.com/security.