Dialog Semiconductor is aware of a Bluetooth low energy vulnerability named SweynTooth. This is published as a white paper by the Singapore University of Technology and Design. The white paper and a tool to reproduce this is available at the following link:https://asset-group.github.io/disclosures/sweyntooth/
The tool simulates a malicious attack and categorizes the level of vulnerability in the Bluetooth IC’s. Dialog Semiconductor Bluetooth devices were included in the investigation and found to be vulnerable to attacks that could force products to reset.
Dialog Semiconductor is taking action to provide solutions to our customers. Below is a list of the Dialog Bluetooth Low Energy devices describing how these are affected by the Sweyntooth vulnerabilities.
The vulnerabilities affecting Dialog devices do not let the attacker inject code into memory to by-pass the available Bluetooth security mechanism.
For any enquiries, pleasecontact your Dialog sales representative.
The table below will be updated as the situation develops.
| Device | SDK | Vulnerability | Resolution | Status/plan |
|---|---|---|---|---|
| DA14580/DA14581/DA14583 | SDK3.0.x | CVE-2019-17517 | Hotfix release.Contact your Dialog sales representative. | March 20, 2020 |
| SDK5.0.4 | CVE-2019-17517 | Hotfix release available on-line | March 20, 2020 | |
| DA14585/DA14586 | SDK6.0.12 | CVE-2019-17517 | Hotfix release available on-line | March 6, 2020 |
| SDK6.0.14 | CVE-2019-17517 | New SDK release | 4月20日20 | |
| DA14680/DA14681/ DA14682/DA14683 |
SDK1.0.14 | CVE-2019-17518 | Hotfix release available on-line | Feb 28, 2020 |
| DA1469x | SDK10.0.4 | CVE-2019-17518 | Upgrade to newer SDK | - |
| SDK10.0.6 | Not affected | - | - | |
| SDK10.0.8 | Not affected | - | - | |
| DA14531 | SDK6.0.12 | Not affected | - | - |