Renesas is aware of a Bluetooth® Low Energy vulnerability named SweynTooth. This is published as a white paper by the Singapore University of Technology and Design. The white paper and a tool to reproduce this are available at the following link: https://asset-group.github.io/disclosures/sweyntooth/.

The tool simulates a malicious attack and categorizes the level of vulnerability in the Bluetooth ICs. Renesas Bluetooth devices were included in the investigation and found to be vulnerable to attacks that could force products to reset.

Renesas is taking action to provide solutions to our customers. Below is a list of several Renesas Bluetooth Low Energy devices describing how these are affected by the Sweyntooth vulnerabilities.

The vulnerabilities affecting these devices do not let the attacker inject code into memory to bypass the available Bluetooth security mechanism.

For any inquiries, please contact your Renesas sales representative.

The table below will be updated as the situation develops.

Device SDK Vulnerability Resolution Status/Plan
DA14580/DA14581/DA14583 SDK3.0.x CVE-2019-17517 Hotfix release. Contact your Renesas sales representative. March 20, 2020
SDK5.0.4 CVE-2019-17517 Hotfix release available on-line May 25, 2022
DA14585/DA14586 SDK6.0.12 CVE-2019-17517 Hotfix release available on-line March 6, 2020
SDK6.0.14 CVE-2019-17517 New SDK release April 2020
DA14680/DA14681/DA14682/DA14683 SDK1.0.14 CVE-2019-17518 Hotfix release available on-line May 25, 2022
DA1469x SDK10.0.4 CVE-2019-17518 Upgrade to newer SDK
SDK10.0.6 Not affected
SDK10.0.8 Not affected
DA14531 SDK6.0.12 Not affected

Documentation

Title Type Date
ZIP9 KB
Other
ZIP15.79 MB
Other

Downloads

Title Type Date
ZIP90 KB
Software & Tools - Other