Community
cancel
Showing results for 
Search instead for 
Did you mean: 
rvuyy
Beginner
1,664 Views

Intel BlueMoon PMB8753 and BlueBorne Vulnerabilities

This is regarding the Blue Borne vulnerability identified by "Armis Labs" and It is said that "The BlueBorne attack vector can potentially affect all devices with Bluetooth capabilities". In those lines we wanted to check if our products using "Intel BlueMoon PMB8753" modules are vulnerable or not?

Can we know if the integrated stack on "Intel BlueMoon PMB8753" modules is vulnerabile to Blueborne attacks or not?

References:

https://www.kb.cert.org/vuls/id/240311

https://www.armis.com/blueborne/

https://access.redhat.com/security/vulnerabilities/blueborne

Tags (1)
0 Kudos
2 Replies
idata
Community Manager
53 Views

Hello raviteja_v,

 

 

We understand you would like to know whether the Intel® BlueMoon™ PMB8753 modules are vulnerable to Blueborne attacks.

 

 

Please bear with us while we confirm our response.

 

 

Best regards,

 

Carlos A.
idata
Community Manager
53 Views

Hello raviteja_v,

We've checked with our additional resources and received the following response:

The Intel® BlueMoon™ PMB8753 is a Bluetooth* HCI controller chip. It implements the Bluetooth* stack up to HCI only. The L2CAP layer is not part of the product. The Intel® BlueMoon™ PMB8753 does not store transmitted data nor forward any files or executables.

- PMB8753 does not include any of the affected OS (Windows*, iOS*, and Linux*-kernel-based operating systems including Android* and Tizen*) mentioned in the "vulnerability notes": https://www.kb.cert.org/vuls/id/240311 https://www.kb.cert.org/vuls/id/240311

- PMB8753 does not include any of the affected OS (Android*, Windows*, Linux*, iOS*) mentioned by Armis*: https://www.armis.com/blueborne/ https://www.armis.com/blueborne/

- The Intel® BlueMoon™ PMB8753 is an HCI controller that does not include L2CAP. L2CAP must be implemented in the Bluetooth* host of the product, which is external to the chip. So the warning by RedHat* does not apply: https://access.redhat.com/security/vulnerabilities/blueborne https://access.redhat.com/security/vulnerabilities/blueborne

Conclusion: for end products with PMB8753, the OS running on the host has to be checked. The PMB8753 chip itself is not affected.

Side note:

 

The Intel® BlueMoon™ PMB8753 is easily confused with PMB8753/2. So let us extend the answer to that model as well:

- The Intel® BlueMoon™ PMB 8753/2 Serial Port Profile chip does not implement any of the affected OS, either. It implements L2CAP, but it is not using the Linux* kernel. The specific RTOS is not shared with any other applications. The chip does not store transmitted data or forward any files or executables, as such the PMB8753/2 model is not affected by the BlueBorne vulnerability.

NOTE: Any links provided for third party tools or sites are offered for your convenience and should not be viewed as an endorsement by Intel® of the content, products, or services offered there. We do not offer support for any third party tool mentioned here.

We hope this information helps.

Best regards,

 

Carlos A.
Reply