Bluetooth Core and Mesh Flaws Affect Untold Number of Devices

Devices supporting the Bluetooth Core and Mesh specifications could allow attackers to impersonate devices during the pairing process, security researchers have discovered.

Bluetooth devices are ubiquitous, so the amount of potentially affected hardware is massive. Since these vulnerabilities directly affect the Core and Mesh Profile specifications, which define the communication requirements for Bluetooth connections, developers must implement any fixes from the ground up.

Security researchers have identified a few vulnerabilities that could allow attackers to impersonate a legitimate device during pairing by using the passkey entry protocol, the PIN entry protocol or Bluetooth Mesh Provisioning.

The vulnerability involving the passkey entry protocol could let an attacker authenticate to the responding victim device and act as a legitimate encrypted device.

On the other hand, the PIN pairing protocol vulnerability could “allow an attacker to complete pairing with a known link key, encrypt communications with the vulnerable device, and access any profiles permitted by a paired or bonded remote device supporting Legacy Pairing,” according to researchers.

The Bluetooth Mesh provisioning vulnerability could let an attacker authenticate without the AuthValue. Researchers identified a few other flaws that would permit an attacker either to obtain a NetKey or to compute the AuthValue and authenticate to the Provisioner and provisioned devices.

Researchers at the Agence nationale de la sécurité des systèmes d’information (ANSSI) reported the vulnerabilities, and the advisory comes with a list of affected vendors. Some of the more prominent ones include Android, Cisco, Red Hat and Intel. A few are in the green, but the vast majority of the vendors are listed as unknown, which means they haven’t been checked.

The good news is that immediate mitigation is possible by installing the latest recommended updates from device and operating system manufacturers.