04.03.2020
Important information about Vulnerabilities for using Low Energy (BLE) wireless communications protocol
 

Dear Madam, dear Sir, 

FDA was made aware of a suite of vulnerabilities related to devices using Low Energy (BLE) wireless communications protocol. These reported vulnerabilities may allow actors to crash devices, reboot devices and force them into a “deadlocked” state, or bypass security features.

The vulnerabilities were published by a group of researcher on February 10th and FDA learned about this issue last week.
Probably this is the communication by the researchers:
https://asset-group.github.io/disclosures/sweyntooth/

The affected chips identified so far are: Texas Instruments, Paddling, Cypress, ST Micro Electronics, Dialog, NXP, Semiconductors, Microchip, Telink Semiconductor – non-exhaustive list.

The exploit codes are available – not clear if online or only with the researchers. The researchers are being contacted.

It appears that these exploits may not be used directly from the internet, physical proximity to the device being necessary.

We have no further information but in the public domain there is the following article.
https://www.wired.com/story/bluetooth-flaws-ble-internet-of-things-pacemakers/
https://www.zdnet.com/article/unknown-number-of-bluetooth-le-devices-impacted-by-sweyntooth-vulnerabilities/  

Useful resource listing products with:
https://launchstudio.bluetooth.com/Listings/Search

We request you strongly to start assessing the impact on your products portfolios.

For further questions we are at your disposal.

Yours sincerely
Medical Device International
medical@tuev-nord.de

 
 
 
 

TÜV NORD CERT GmbH

Langemarckstr. 20
45141 Essen

Tel.: 0800 2457-457
(kostenlose Service-Hotline)

info.tncert@tuev-nord.de
www.tuev-nord-cert.de

 

Dieses Mailing wird im Auftrag der TÜV NORD CERT GmbH mit Sitz in Essen betrieben.

Amtsgericht Essen, HRB 9976 
USt-Id-Nr.: DE 811389923
Steuer-Nr.: 111/5706/2193

If you wish to unsubscribe from this service, please click here