French intel found flaws in Bluetooth Core and Mesh specs
Attackers could exploit a set of Bluetooth vulnerabilities, affecting the Core and Mesh Profile specifications, to conduct man-in-the-middle (MitM) attacks.
Researchers at ANSSI, the French national cybersecurity agency, discovered multiple flaws in the Bluetooth Core and Mesh Profile specifications that could be used to impersonate legitimate devices during the pairing process and to conduct man-in-the-middle (MitM) attacks from within wireless range of vulnerable devices.
Devices implementing the affected versions of the Bluetooth Core and Mesh Profile specifications are exposed to impersonation attacks and, in the case of Mesh, to disclosure of the AuthValue used during provisioning.
The researchers identified a vulnerability in Passkey authentication for BR/EDR Secure Simple Pairing in Bluetooth Core Specifications 2.1 through 5.2, BR/EDR Secure Connections Pairing in Core Specifications 4.1 through 5.2, and LE Secure Connections Pairing in Core Specifications 4.2 through 5.2. An attacker in a MITM position can use a crafted series of responses to determine, in each round of the pairing procedure, the corresponding bit of the randomly generated Passkey chosen by the pairing initiator. Once all the bits of the Passkey have been recovered within the same pairing session, the attacker can complete the authenticated pairing procedure with the responder.
“After successful completion of the authentication procedure, the responder will be authenticated to the attacker rather than the initiator, permitting the attacker to act in the role of an encrypted and authenticated peer. The attacker does not succeed in pairing with the initiator by this method, preventing a fully transparent MITM attack on the pairing procedure between the initiator and responder.” reads the advisory published by the Bluetooth SIG.
“For this attack to be successful, an attacking device needs to be within wireless range of two vulnerable Bluetooth devices initiating pairing or bonding where a BR/EDR IO Capabilities exchange or LE IO Capability in the pairing request and response results in the selection of the Passkey pairing procedure.”
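The round structure that makes this possible is easier to see in code. Passkey Entry runs 20 rounds, one per bit of the 6-digit passkey; in each round the initiator first sends a commitment Cai = f4(PKa, PKb, Nai, rai), where rai is 0x80 with the round's passkey bit in its low bit, and only afterwards reveals the nonce Nai. Whoever verifies that commitment has to test which of the two possible rai values matches, so a party that receives Cai and then Nai learns the bit. The simulation below is an added example, not code from ANSSI, the Bluetooth SIG or the article; f4 is modelled with HMAC-SHA256 in place of the specification's AES-CMAC (so the values are not spec-compliant, but the bit-recovery logic is unchanged), the public keys and passkey are constructed for the demo, and only the bit-recovery step of each round is modelled, not the "crafted series of responses" the advisory refers to.

```python
"""Passkey Entry per-round bit leak (added illustration, not spec code).

Each round commits to one passkey bit; revealing the round nonce to a party
in the responder position lets that party recover the bit by testing both
candidate rai values, exactly as a legitimate verifier would.
"""
import hashlib
import hmac
import secrets

PASSKEY_BITS = 20   # a 6-digit decimal passkey (0..999999) fits in 20 bits
PUBKEY_LEN = 64     # P-256 public key as X||Y, 32 bytes each (stand-in below)


def f4(u: bytes, v: bytes, x: bytes, z: int) -> bytes:
    """Commitment function. The Core Spec keys AES-CMAC with X over U||V||Z;
    HMAC-SHA256 stands in here so the example runs with only the stdlib."""
    return hmac.new(x, u + v + bytes([z]), hashlib.sha256).digest()


def passkey_bit(passkey: int, round_i: int) -> int:
    return (passkey >> round_i) & 1


class Initiator:
    """The legitimate initiator's side of one Passkey Entry round."""

    def __init__(self, passkey: int, pk_a: bytes, pk_b: bytes):
        if not 0 <= passkey < 10 ** 6:
            raise ValueError("passkey must be a 6-digit decimal value")
        self.passkey, self.pk_a, self.pk_b = passkey, pk_a, pk_b
        self.nonce = b""

    def commit(self, round_i: int) -> bytes:
        # rai = 0x80 | bit_i is the spec's encoding of the round's passkey bit.
        r_ai = 0x80 | passkey_bit(self.passkey, round_i)
        self.nonce = secrets.token_bytes(16)
        return f4(self.pk_a, self.pk_b, self.nonce, r_ai)

    def reveal_nonce(self) -> bytes:
        # Sent only after the peer has answered with its own commitment.
        return self.nonce


def recover_bit(pk_a: bytes, pk_b: bytes, commitment: bytes, nonce: bytes) -> int:
    """The computation every verifier of Cai performs. Public keys travel in
    the clear, so a MITM holding Cai and Nai can perform it just as well."""
    for bit in (0, 1):
        if hmac.compare_digest(f4(pk_a, pk_b, nonce, 0x80 | bit), commitment):
            return bit
    raise ValueError("commitment matches neither candidate; corrupted round")


def responder_verifies(pk_a: bytes, pk_b: bytes, commitment: bytes,
                       nonce: bytes, own_passkey: int, round_i: int) -> bool:
    """Legitimate responder check for round i: same computation, compared
    against the responder's own copy of the passkey."""
    return recover_bit(pk_a, pk_b, commitment, nonce) == passkey_bit(own_passkey, round_i)


def recover_passkey(initiator: Initiator, pk_a: bytes, pk_b: bytes) -> int:
    """Observe all 20 rounds from the responder-side position and assemble
    the passkey bit by bit. The attacker's own replies are not modelled."""
    passkey = 0
    for i in range(PASSKEY_BITS):
        c_ai = initiator.commit(i)        # received first
        n_ai = initiator.reveal_nonce()   # received after our reply
        passkey |= recover_bit(pk_a, pk_b, c_ai, n_ai) << i
    return passkey


def demo(passkey: int = 483129):
    """Return (passkey chosen by the initiator, passkey recovered round by round)."""
    pk_a = secrets.token_bytes(PUBKEY_LEN)   # constructed stand-in for PKa
    pk_b = secrets.token_bytes(PUBKEY_LEN)   # constructed stand-in for PKb
    initiator = Initiator(passkey, pk_a, pk_b)
    return passkey, recover_passkey(initiator, pk_a, pk_b)


if __name__ == "__main__":
    chosen, recovered = demo()
    print(f"initiator chose {chosen:06d}, observer recovered {recovered:06d}")
```

The point the example makes is that the per-round check and the leak are the same operation: the commitment only hides the bit until the nonce is revealed, and the nonce is revealed to whichever party sits opposite the initiator in that round. That is why the advisory limits the consequence to the attacker authenticating to the responder: the simulation recovers the initiator's passkey, but it does not give the attacker anything that would let it pass the initiator's own checks.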
The Bluetooth Special Interest Group (SIG) published security notices about the flaws; the full list of the issues is below:
The Carnegie Mellon CERT Coordination Center (CERT/CC) also published an advisory that includes the list of the impacted vendors, such as Cisco, Microchip, Red Hat, Intel, and Android.
Pierluigi Paganini
International Editor-in-Chief
Cyber Defense Magazine