The Bluetooth Special Interest Group (SIG) published instructions for eliminating security vulnerabilities in the “Secure Simple Pairing” and “LE Secure Connections” processes. Rutronik UK now offers a manufacturer-independent overview at https://rutronik-tec.com/bluetooth-security-vulnerability-status/, which shows the patch status of the individual chip and module manufacturers. The site is kept up to date with the assistance of the franchise partners.
All Bluetooth specifications from V2.1+EDR to V5.0 are affected by the security vulnerability. The individual device manufacturers are responsible for patching the wireless stacks in their end devices via FOTA (firmware update over the air) to ensure they are free of flaws. FOTA is supported by all current Bluetooth components in the Rutronik UK portfolio.
As market leader (approx. 45 per cent market share) and a member of the Bluetooth SIG, Nordic Semiconductor already offers faultless stacks, and other suppliers are already working on patches. Device manufacturers therefore need to roll out the available updates to their devices as quickly as possible, before the vulnerability is actually exploited.
Erratum 10734 can be downloaded from here: www.bluetooth.org/docman/handlers/downloaddoc.ashx?doc_id=447440&_ga=2.253269836.453099069.1533649306-1605826663.1532498694