Researchers at the Agence nationale de la sécurité des systèmes d’information (ANSSI) have uncovered new vulnerabilities in devices that implement the Bluetooth Core and Mesh specifications. The bugs were disclosed on Monday and could allow a threat actor to impersonate devices during pairing, leading to man-in-the-middle attacks. Carnegie Mellon University also released an advisory stating that the bugs allow attackers to conduct harmful attacks and cause AuthValue disclosures. Bluetooth Core and Mesh are two separate specifications implemented on low-energy and IoT devices.
The first vulnerability impacts Bluetooth Core and is located in the Passkey Entry protocol, which is used during secure pairing between devices. This vulnerability can lead to impersonation attacks. The second disclosed flaw also impacts Bluetooth Core and allows an attacker to abuse the pairing procedure by spoofing a Bluetooth device address. To exploit this flaw, an attacker would need to be within wireless range. The third bug impacts Bluetooth Mesh and involves similar attack techniques, allowing attackers to spoof devices and craft responses that make them appear to possess an AuthValue. This tactic would give attackers access to a valid NetKey. The ANSSI disclosed three more bugs, and Cisco, Intel, and Microchip Technologies stated that they would push out updates addressing the flaws as soon as possible.
Read More: Bluetooth bugs open the door for attackers to impersonate devices