SWRA802 November 2018 CC1350, CC2540, CC2541, CC2640, CC2640R2F, CC2640R2F-Q1, CC2650

 


Summary

TI is aware that Armis has reported potential security vulnerabilities with certain older versions of the BLE-STACK. Armis has also incorrectly indicated a chip-level issue with the over-the-air download (OAD) Profile feature. While we believe many aspects of this potential vulnerability are misrepresented, we want you to have the facts and resources available to you to help you make decisions about securing your applications.

Prior to being contacted by Armis, TI identified a potential stability issue with certain older versions of the BLE-STACK when used in a scanning mode, and we addressed this issue with software updates earlier this year. As we’ve shared with Armis, we believe the potential security vulnerability identified by Armis was addressed with previous software updates. If you have not already updated your software with the latest versions available, we encourage you to do so. See mitigations below.

Additionally, the over-the-air firmware download (OAD) Profile feature mentioned in Armis’ report as it relates to the TI BLE devices is not intended or marketed to be a comprehensive security solution. The vulnerability mentioned in Armis’ report is a system-level, not chip-level, issue. We encourage you to use security-enabled features when designing security-related systems.