Silicon Labs Security Advisory
A-00000446
Subject: Bluetooth Classic vulnerability – Blacktooth: Breaking through the Defense of Bluetooth in Silence
CVSS Severity: Medium
Base Score: 6.1, Medium
Temporal Score: 5.5, Medium
Vector String: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Impacted Products:
• Bluetooth Classic-capable SoCs and modules such as BT121, BT122, RS9113 and RS9116 may be impacted.
Technical Summary
• This is a Bluetooth protocol vulnerability.
• A paired Bluetooth Classic device can add profiles without additional user authorization. This may allow a rogue device to access private data that it should not be able to access.
• Profiles are given permissions by default without user authorization. This may lead to a rogue peripheral gaining access to sensitive data without the user’s knowledge.
• The researcher’s paper on these vulnerabilities is available here.
Fix/Work Around:
• No mitigations are available for these vulnerabilities currently. However, Silicon Labs is monitoring the situation with the Bluetooth SIG and will continue to comply with the Bluetooth specification.
Guidelines on our security vulnerability policy can be found at https://www.silabs.com/security
For Silicon Labs Technical Support visit: https://www.silabs.com/support
Notice: The contents of this Notification are provided exclusively for the internal use of the recipient in support of
devices supplied by Silicon Labs and shall not be shared with or distributed to any third parties. This Notification shall
not be posted on any blog, website, board or social media. The contents are for general information only and do not
purport to be comprehensive. While Silicon Labs provides this information in good faith and makes every effort to
supply correct, current and high-quality guidance, Silicon Labs provides all materials (including this document) solely
on an “as is” basis without warranty of any kind. Silicon Labs disclaims all express and implied warranties. In no
event shall Silicon Labs be liable for any damages whatsoever, including direct, indirect, incidental, consequential,
lost profits or special damages related to or arising from the adequacy, accuracy, completeness or timeliness of this
document or its contents, even if Silicon Labs has been advised of the possibility of such damages. Nothing in this
Notice excludes any liability for death or personal injury caused by negligence, or for fraud or intentional
misrepresentation. By accepting or using the information contained in this Notification, the recipient agrees that this
Notification and its use are governed by the laws of the State of Texas, excluding its conflicts of law provisions.