By Eduard Kovacs on May 25, 2021
Researchers working for a French government agency have identified seven new Bluetooth vulnerabilities that could expose many devices to impersonation and other types of attacks.
The flaws, discovered by researchers at France’s national cybersecurity agency ANSSI, affect devices that support the Bluetooth Core and Mesh specifications, which define technical and policy requirements for devices operating over Bluetooth connections.
Malicious actors who are within Bluetooth range can exploit the weaknesses to impersonate legitimate devices, according to an advisory published on Monday by the CERT Coordination Center (CERT/CC) at Carnegie Mellon University.
Advisories for each flaw have also been published by the Bluetooth Special Interest Group (SIG), the organization that oversees the development of Bluetooth standards.
Overview
Devices supporting the Bluetooth Core and Mesh Specifications are vulnerable to impersonation attacks and AuthValue disclosure that could allow an attacker to impersonate a legitimate device during pairing.
Description
The Bluetooth Core Specification and Mesh Profile Specification are two specifications used to define the technical and policy requirements for devices that want to operate over Bluetooth connections. Researchers at the Agence.
The Bluetooth Impersonation Attacks, or BIAS, allow attackers to impersonate a device and to establish a secure connection with a victim without possessing the long-term key shared by the impersonated device and the victim. This bypasses Bluetooth's authentication mechanism. "The BIAS attacks are the first to uncover issues related to Bluetooth's secure connection establishment authentication procedures, adversarial role switches, and Secure Connections downgrades," the researchers said. "Our attacks are stealthy because the Bluetooth standard does not require notifying end users about the outcome of an authentication procedure, or the lack of mutual authentication."