Bluetooth Security | Bluetooth Technology Website

Reporting Security Vulnerabilities

At the Bluetooth SIG, we strive to make Bluetooth the global standard for simple, secure wireless connectivity and security is of the utmost importance.  If you have found a potential security issue in any Bluetooth specification, please contact us via email at security@bluetooth.com.  For encrypted communication, you may use our public key.

We do our best to respond to security issues within 48 hours, but if you do not receive a response within this time frame, please feel free to follow up with us to ensure that we have received your original report.

Report Details
The following information will help us to evaluate your submission as quickly as possible. If available, please include in your report:

  • Vulnerability type (security, privacy, availability/DoS, etc.)
  • Affected specification and version
  • Instructions to reproduce the issue
  • A proof-of-concept (PoC)

Bluetooth Security Notices

VulnerabilityPublication DateDetailsSpecifications AffectedCVE [NVD]
Key Negotiation of Bluetooth08/13/2019SIG StatementCore Specification, v4.2, v5.0 and v5.1CVE-2019-9506
Validation of Elliptic Curve Parameters07/23/2018SIG StatementCore Specification, v2.1 to v5.0CVE-2018-5383