Patches to remedy the vulnerabilities should be released over the coming weeks
Cybercriminals could exploit several vulnerabilities in Bluetooth to carry out impersonation attacks and masquerade as a legitimate device during the pairing process, according to the Bluetooth Special Interest Group (SIG).
The security flaws, which affect the Bluetooth Core and Mesh Profile specifications, were discovered by researchers at France’s national cybersecurity agency ANSSI.
“The researchers identified that it was possible for an attacker acting as a MITM [Man-in-the-Middle] in the Passkey authentication procedure to use a crafted series of responses to determine each bit of the randomly generated Passkey selected by the pairing initiator in each round of the pairing procedure, and once identified, to use these Passkey bits during the same pairing session to successfully complete the authenticated pairing procedure with the responder,” reads Bluetooth SIG’s security notice.
To successfully carry out the attack, the perpetrator would have to be within wireless range of two vulnerable Bluetooth-enabled devices engaging in the pairing procedure. Once the authentication process is completed, the responder device will be authenticated with the attacker instead of the initiator. However, the attacker won’t be able to use this method to pair with the initiating device.
The US CERT Coordination Center (CERT/CC) released additional details about the vulnerabilities, explaining that an attacker could exploit the flaws to complete the pairing protocol and encrypt communications using a known link key, authenticate without the AuthValue, or even brute-force it.
Patches on the way
Software and firmware updates are expected to be rolled out over the coming weeks, so users should be on the lookout for fixes from affected vendors.
Speaking of which, the Android Open Source Project, Cisco, Microchip Technology, Cradlepoint, Intel, and Red Hat are among the organizations identified by CERT/CC as affected by at least some of the vulnerabilities. The first three have issued statements confirming that they are working on releasing patches or mitigations for the security flaws, while the rest have yet to speak on the issue.
There is no word on whether the bugs have been exploited in the wild.
SIG has shared its own set of recommendations addressing the vulnerabilities and is urging vendors to release patches post-haste.