2 Replies Latest reply on Sep 27, 2017 2:24 PM by Intel Corporation

    Intel BlueMoon PMB8753 and BlueBorne Vulnerabilities

    raviteja_v

      This is regarding the Blue Borne vulnerability identified by “Armis Labs” and It is said that “The BlueBorne attack vector can potentially affect all devices with Bluetooth capabilities”. In those lines we wanted to check if our products using “Intel BlueMoon PMB8753” modules are vulnerable or not?

      Can we know if the integrated stack on “Intel BlueMoon PMB8753” modules is vulnerabile to Blueborne attacks or not?

       

       

      References:

      https://www.kb.cert.org/vuls/id/240311

      https://www.armis.com/blueborne/

      https://access.redhat.com/security/vulnerabilities/blueborne

        • 1. Re: Intel BlueMoon PMB8753 and BlueBorne Vulnerabilities
          Intel Corporation
          This message was posted on behalf of Intel Corporation

          Hello raviteja_v,

          We understand you would like to know whether the Intel® BlueMoon™ PMB8753 modules are vulnerable to Blueborne attacks.

          Please bear with us while we confirm our response.

          Best regards,
          Carlos A.

          • 2. Re: Intel BlueMoon PMB8753 and BlueBorne Vulnerabilities
            Intel Corporation
            This message was posted on behalf of Intel Corporation

            Hello raviteja_v,

             

            We've checked with our additional resources and received the following response:

             

            The Intel® BlueMoon™ PMB8753 is a Bluetooth* HCI controller chip. It implements the Bluetooth* stack up to HCI only. The L2CAP layer is not part of the product. The Intel® BlueMoon™ PMB8753 does not store transmitted data nor forward any files or executables.

             

            - PMB8753 does not include any of the affected OS (Windows*, iOS*, and Linux*-kernel-based operating systems including Android* and Tizen*) mentioned in the “vulnerability notes”: https://www.kb.cert.org/vuls/id/240311

             

            - PMB8753 does not include any of the affected OS (Android*, Windows*, Linux*, iOS*) mentioned by Armis*: https://www.armis.com/blueborne/

             

            - The Intel® BlueMoon™ PMB8753 is an HCI controller that does not include L2CAP. L2CAP must be implemented in the Bluetooth* host of the product, which is external to the chip. So the warning by RedHat* does not apply: https://access.redhat.com/security/vulnerabilities/blueborne

             

            Conclusion: for end products with PMB8753, the OS running on the host has to be checked. The PMB8753 chip itself is not affected.

             

            Side note:
            The Intel® BlueMoon™ PMB8753 is easily confused with PMB8753/2. So let us extend the answer to that model as well:

             

            - The Intel® BlueMoon™ PMB 8753/2 Serial Port Profile chip does not implement any of the affected OS, either. It implements L2CAP, but it is not using the Linux* kernel. The specific RTOS is not shared with any other applications. The chip does not store transmitted data or forward any files or executables, as such the PMB8753/2 model is not affected by the BlueBorne vulnerability.

             

            NOTE: Any links provided for third party tools or sites are offered for your convenience and should not be viewed as an endorsement by Intel® of the content, products, or services offered there. We do not offer support for any third party tool mentioned here.

             

            We hope this information helps.

             

            Best regards,
            Carlos A.