Bluetooth controller lifecycle status

BR/EDR

BLE

After identifying the Bluetooth controller, it is essential to consult the manufacturer’s documentation to determine its current stage in the product life cycle.

A Bluetooth controller that is approaching the end, or has already reached the end of its life cycle, may no longer receive updates from the manufacturer. As a result, any vulnerabilities discovered in its firmware or other components will remain permanently unpatched, as there will be no official method to fix them.

Understanding the controller’s life cycle status is therefore crucial, as it helps determine whether the device will need to be replaced in the short, medium, or long term to maintain both operational stability and security.

Description

After identifying the Bluetooth controller, it will be necessary to consult the manufacturer’s documentation to find out at which point in the life cycle it is.

You can find a list of controllers that have already reached an end of support status in the End of life Bluetooth controllers annex. Alternatively, if the device is not listed, it will be necessary to consult the manufacturer’s website, different supplier websites, or various search engines. In addition to common search engines and the manufacturer’s page, searches are recommended on the following providers/manufacturers:

The resources that can be useful for the identification of the controller model in the device can be found in the following table:

ID Description
BSAM-RES-01 Physical identification of the controller
BSAM-RES-02 Identify controller through reports

Example

Upon disassembly of a Bluetooth device (BSAM-RES-01 (Physical identification of the controller)) an nRF51822 controller is identified. A search in Mouser’s website indicates that this controller is not recommended for new designs because the manufacturer has issued this recommendation for having reached the end of its lifecycle and there are products that replace it.

The Mouser provider indicating that the controller is not recommended for new designs

The manufacturer also lists an informational note on their website about a vulnerability affecting all nRF51 family devices. Had the device been out of support at the time, the vulnerability would not have been patched, leaving the customer exposed.

This is important because it is possible that the controller will not be supported for fixes affecting security in a timeframe shorter than the support to be given to the device under study.