Bluetooth Low Energy (BLE) and Basic Rate / Enhanced Data Rate (BR/EDR) Core Configurations are used for low-power short-range communications. To establish an encrypted connection, two Bluetooth devices must pair with each other using an agreed upon Association Model. It is possible for an unauthenticated, adjacent attacker to man-in-the-middle (MITM) attack the pairing process and force each victim device into a different Association Model, possibly granting the attacker the ability to initiate any Bluetooth operation on either attacked device.
Bluetooth is a short-range wireless technology based off of a core specification that defines six different core configurations, including the Bluetooth Low Energy (BLE) Core Configuration. Like Bluetooth Classic (BR/ER), BLE is used for low-power short-range communications, but has significantly lower power consumption, making it ideal for Internet of Things (IoT) and other resource restricted devices. For two devices to communicate over BLE, they need to establish a connection by pairing via the (Low Energy) Secure Connections (SC or LESC) or Secure Simple Pairing (SSP) methods. The pairing process includes feature information exchange between devices on what they support, public key exchange, and authentication of the public keys using an Association Model. Two of the possible Association Models, Numeric Comparison (NC) and Passkey Entry (PE), are impacted by this attack.
An adjacent, unauthenticated attacker can intercept the credentials shared during the pairing process and force each victim device into a different Association Model. To do this, the attacker must negotiate an NC procedure with one device and a PE procedure with the other, and the user must erroneously enter the NC value as the public key value and accept pairing on the NC device. This scenario applies to both BLE Secure Connections pairing and BR/EDR Secure Simple Pairing. However, only a device operating as a keyboard for the purposes of pairing may be used to enter the passkey in the BR/EDR Secure Simple Pairing scenario. The attacker would be able to initiate any Bluetooth operation on either attacked device that is exposed by the enabled Bluetooth profiles.
An adjacent, unauthenticated attacker could be able to initiate any Bluetooth operation on either attacked device exposed by the enabled Bluetooth profiles. This exposure may be limited when the user must authorize certain access explicitly, but so long as a user assumes that it is the intended remote device requesting permissions, device-local protections may be weakened.
Bluetooth host and controller suppliers should refer to the Bluetooth SIG's statement for guidance on updating their products. Downstream vendors should refer to their suppliers for updates.
Thanks to Ludwig Peuckert and Maximilian von Tschirschnitz for reporting this vulnerability.
This document was written by Madison Oliver.
|Date First Published:||2020-05-18|
|Date Last Updated:||2020-05-18 18:12 UTC|