블루투스 소프트웨어 스텍에서 발견된 문제들. 다수의 칩 벤더들의 SDK에 문제(deadlocks, crashes and buffer overflows or completely bypass security)가 있어서 패치가 제공되었다.
Table 1: Vulnerabilities type and affected vendors
|
|
|
|
|
| Type |
Vulnerability Name
|
Affected Vendors
|
CVE |
|
|
|
|
|
|
Crash
|
Link Layer Length Overflow
|
Cypress
|
CVE-2019-16336 (6.1) |
|
NXP
|
CVE-2019-17519 (6.1) | ||
|
|
|
|
|
| Truncated L2CAP | Dialog Semiconductors | CVE-2019-17517 (6.3) | |
|
|
|
|
|
| Silent Length Overflow | Dialog Semiconductors | CVE-2019-17518 (6.4) | |
|
|
|
|
|
| Public Key Crash | Texas Instruments | CVE-2019-17520 (6.6) | |
|
|
|
|
|
| Invalid L2CAP Fragment | Microchip | CVE-2019-19195 (6.8) | |
|
|
|
|
|
| Key Size Overflow | Telink Semiconductor | CVE-2019-19196 (6.9) | |
|
|
|
|
|
|
Deadlock
|
LLID Deadlock
|
Cypress
|
CVE-2019-17061 (6.2) |
|
NXP
|
CVE-2019-17060 (6.2) | ||
|
|
|
|
|
| Sequential ATT Deadlock | STMicroelectronics | CVE-2019-19192 (6.7) | |
|
|
|
|
|
| Invalid Connection Request | Texas Instruments | CVE-2019-19193 (6.5) | |
|
|
|
|
|
| Security Bypass | Zero LTK Installation | Telink Semiconductor | CVE-2019-19194 (6.10) |
|
|
|
|
Table 2: Vulnerabilities and SDK versions of the affected SoCs.* indicates extra affected SoCs reported by the vendor not tracked by our team.
|
|
|
|
|
|
|
Vuln.
|
SoC Vendor
|
SoC Model
|
SDK Ver. |
Qualification ID(s)
|
|
|
|
|
|
|
| BLE Version 5.0/5.1 | ||||
| 6.1,6.2 | Cypress (PSoC 6) | CYBLE-416045 | 2.10 | 99158 |
| 6.5,6.6 | Texas Instruments | CC2640R2 | 3.30.00.20 | 94079 |
| 6.9,6.10 | Telink | TLSR8258 | 3.4.0 | 92269, 136037 |
| 6.7 | STMicroelectronics | WB55 | 1.3.0 | 111668 |
| 6.7 | STMicroelectroncis | BlueNRG-2 | 3.1.0 | 87428, 106700, 94075 |
| 6.4 | Dialog | DA1469X* | 10.0.6 | 100899 |
| 6.3 | Dialog | DA14585/6* | 6.0.12.1020 | 91436 |
|
|
|
|
|
|
| BLE Version 4.2 | ||||
| 6.1,6.2 | Cypress (PSoC 4) | CYBL11573 | 3.60 | 62243, 136808, 79697, 82951, 79480 |
| 6.1,6.2 | NXP | KW41Z | 2.2.1 | 84040 |
| 6.4 | Dialog | DA14680 | 1.0.14.X | 87407, 84084, 71309, 75255 |
|
|
|
|
|
|
| BLE Version 4.1 | ||||
| 6.5 | Texas Instruments | CC2540 | 1.5.0 | 23454, 127418 |
| 6.3 | Dialog | DA14580 | 5.0.4 | 83573 |
| 6.8 | Microchip | ATSAMB11 | 6.2 | 73346 |
|
|
|
|
|
|
2.1 Attacks on IoT
Table 3: Products verified to be vulnerable
|
|
|
|
|
|
|
Product
|
Category |
BLE SoC
|
Vulnerability
|
Impact |
|
|
|
|
|
|
| Eve Energy | Smart Home |
DA14680
|
(6.4) Silent Length Overflow
|
Crash
|
| August Smart Lock | Smart Home |
DA14680
|
(6.4) Silent Length Overflow
|
Crash
|
|
|
|
|
|
|
|
Fitbit Inspire
|
Wearables
|
CY8C68237
|
(6.1) LL Length Overflow
|
Crash
|
|
(6.2) LLID Deadlock
|
Crash
|
|||
|
|
|
|
|
|
| CubiTag | Gadget Tracking | CC2640R2 |
(6.6) Public Key Crash
|
Deadlock |
|
|
|
|
|
|
| eGeeTouch TSA Lock | Security | CC2540 |
(6.5) Invalid Connection Request
|
Deadlock |
|
|
|
|
|
|
문제가 있는 제품들
