In mid-July, the Bluetooth Special Interest Group (BSIG) published instructions for eliminating security vulnerabilities in the “Secure Simple Pairing” and “LE Secure Connections” processes. Rutronik now offers a manufacturer-independent overview at https://rutronik-tec.com/bluetoothsecurity-vulnerability-status/, which shows the patch status of the individual chip and module manufacturers.
The site is kept up to date with the assistance of the franchise partners.
All Bluetooth specifications from V2.1+EDR to V5.0 are affected by the security vulnerability. The individual device manufacturers are responsible for patching the wireless stacks in the end devices via FOTA (firmware update over the air) to ensure they are free of flaws.
This feature is supported by all current Bluetooth components in the Rutronik portfolio.
As a member of BSIG, Nordic already offers faultless stacks and Toshiba and ST are already working on patches.
Therefore, the device manufacturers are required to forward the available updates to their devices as quickly as possible so that the attack gap will not actually be exploited soon.