Bluetooth security holes open door to device impersonation attacks

Cybersecurity researchers have identified a number of vulnerabilities in two critical Bluetooth services that allow attackers to hijack a pairing request in order to conduct Man-in-the-Middle (MitM) attacks.

The vulnerabilities were spotted by researchers at the French National Agency for the Security of Information Systems (ANSSI) and exist in the Bluetooth Core and Mesh Profile specifications. 

By successfully exploiting these vulnerabilities, attackers can intercept pairing requests, masquerade as the initiator, and authenticate with the responder in a classic MitM attack.

However, exploiting these vulnerabilities does not allow the attacker to pair with the initiator, which prevents a fully transparent MitM attack between the original initiator and the original responder.

The Bluetooth Core specification defines the requirements that Bluetooth devices must meet in order to communicate with each other. Similarly, the Mesh Profile specification governs Bluetooth devices that use low energy to enable many devices to communicate over Bluetooth.

Vendors notified

The Bluetooth Special Interest Group (Bluetooth SIG), which governs the development of the Bluetooth standards, has issued a security advisory with a set of recommendations for each of the seven security flaws that impact the two vulnerable specifications. 

The CERT Coordination Center (CERT/CC) has drawn up a list of vendors who have products that are affected by these flaws.

According to CERT/CC these include the Android Open Source Project (AOSP), Cisco, Intel, Red Hat, Microchip Technology, and Cradlepoint.

CERT/CC also notes that all vendors except Intel, Red Hat, and Cradlepoint have acknowledged the vulnerabilities to the center and are working to mitigate them.

While the vendors analyse the vulnerabilities and brainstorm a mitigation, the Bluetooth SIG has asked users to follow best practices when operating their Bluetooth-enabled devices, and “ensure they have installed the latest recommended updates from device and operating system manufacturers.”

Via BleepingComputer