A vulnerability related to pairing in Bluetooth Basic Rate / Enhanced Data Rate (BR/EDR) connections could be exploited to impersonate a previously pa
A vulnerability related to pairing in Bluetooth Basic Rate / Enhanced Data Rate (BR/EDR) connections could be exploited to impersonate a previously paired device, researchers have discovered.
The security flaw allows for an attacker within Bluetooth range of an affected device to spoof the Bluetooth address of a previously bonded remote device, thus successfully authenticating without knowing the link key normally used for establishing an encrypted connection.
“It is possible for an unauthenticated, adjacent attacker to impersonate a previously paired/bonded device and successfully authenticate without knowing the link key. This could allow an attacker to gain full access to the paired device by performing a Bluetooth Impersonation Attack (BIAS),” a CERT Coordination Center (CERT/CC) alert reads.
In a statement published on this vulnerability, the Bluetooth Special Interest Group (SIG) explains that the attacks allow hackers to “negotiate a reduced encryption key strength” if the device is still vulnerable to the KNOB (Key Negotiation of Bluetooth) attack disclosed last year.
The attacker could attempt to brute-force the encryption key and spoof the remote paired device. If the attack is not successful, the encrypted link is not established, but the attacker may still appear authenticated to the host.
For the attack to be successful, the attacker needs to know the Bluetooth address of the remote device to which the target was previously paired. Tracked as CVE-2020-10135, the vulnerability has a CVSS score of 4.8.
The vulnerability can be exploited in two manners, depending on the Secure Simple Pairing method (Legacy Secure Connections or Secure Connections) used to establish the previous connection with the remote device.
The first method allows the attacker to downgrade the authentication security and proceed with the BIAS method. If they can downgrade authentication or the device does not support Secure Connections, the attacker can initiate a master-slave role switch to become the authentication initiator.
“If successful, they complete the authentication with the remote device. If the remote device does not then mutually authenticate with the attacker in the master role, it will result in the authentication-complete notification on both devices, even though the attacker does not possess the link key,” the CERT/CC alert reads.
To mitigate the issue, vendors are advised to ensure that the encryption key length cannot be reduced below 7 octets and that hosts initiate mutual authentication or support Secure Connections Only mode when this is possible. Moreover, they should ensure that an encrypted link is required for the Bluetooth authentication to be used to independently signal a change in device trust.
“To remedy this vulnerability, the Bluetooth SIG is updating the Bluetooth Core Specification to clarify when role switches are permitted, to require mutual authentication in legacy authentication and to recommend checks for encryption-type to avoid a downgrade of secure connections to legacy encryption,” Bluetooth SIG notes.