Publication Date: February 20, 2020 

Update Date: April 20, 2020

 

Philips is currently monitoring developments and updates related to the recent Bluetooth Low Energy (BLE) alert concerning SweynTooth, a reported family of 12 vulnerabilities (CVE-2019-16336, CVE-2019-17519, CVE-2019-17517, CVE-2019-17518, CVE-2019-17520, CVE-2019-19195, CVE-2019-19196, CVE-2019-17061, CVE-2019-17060, CVE-2019-19192, CVE-2019-19193, CVE-2019-19194).

 

As part of the company’s product security policy and protocols, Philips’ teams are evaluating Philips’ products and solutions utilizing Bluetooth Low Energy (BLE) for potential impacts from these reported vulnerabilities and validating actions. Philips is also monitoring for updates related to these vulnerabilities and evaluating further actions or updates to potentially affected Philips products.

 

According to Texas Instruments, NXP, Cypress, Dialog Semiconductors, Microchip, STMicroelectronics and Telink Semiconductor, successful exploitation of these vulnerabilities allows an attacker in radio range to trigger deadlocks, crashes, and buffer overflows, or to completely bypass security, depending on the circumstances.

 

Philips is committed to ensuring the safety, security, integrity, and regulatory compliance of our products to be deployed and to operate within Philips approved product specifications. Therefore, in accordance with Philips policy and regulatory requirements, all changes of configuration or software to Philips’ products (including operating system security updates and patches) may be implemented only in accordance with Philips product-specific, verified & validated, authorized, and communicated customer procedures or field actions.

 

If a product does require operating system security updates, configuration changes, or other actions to be taken by our customer or by Philips Customer Services, product-specific service documentation is produced by Philips product teams and made available to Philips service delivery platforms such as the Philips InCenter Customer Portal. Once posted by Philips product teams, all of these materials are accessible to contract-entitled customers, licensed representatives, and Philips Customer Service teams.

 

Contract-entitled customers may use Philips InCenter and are encouraged to request Philips InCenter access and reference the product-specific information posted there. If customers still have questions, all customers (contract-entitled or otherwise) are encouraged to contact their local service support team or regional product service support, as appropriate, for up-to-date information specific to their Philips’ products.

 

Begin Update A: April 20, 2020

 

Philips is providing the list below in order to better assist our customers in identifying any Philips’ products vulnerable to SweynTooth. However, the list below is not comprehensive and may be updated as necessary if more products are identified. It does not indicate the patch or device status.

Diamond Clean Smart connected power toothbrush (codes start with HX99)
Flexcare Platinum Connected power toothbrush (codes start with HX91)
Saeco Gran Baristo Avanti – Espresso Machine Models
Diamond Clean 9000 connected power toothbrush (codes start with HX99)
Philips Connected Shaver 7000 (S77xx & S79xx)
Expert Clean power connected toothbrush (HX96)
Sonicare - Kids connected power toothbrush (codes start with HX63)
End Update A