Bluetooth SIG Statement Regarding the Bluetooth Impersonation Attacks (BIAS) Security Vulnerability
Researchers at the École Polytechnique Fédérale de Lausanne (EPFL) have identified a security vulnerability related to pairing in Bluetooth BR/EDR connections. The researchers identified that it is possible for an attacking device spoofing the address of a previously bonded remote device to successfully complete the authentication procedure with some paired/bonded devices while not possessing the link key. This may permit an attacker to negotiate a reduced encryption key strength with a device that is still vulnerable to the Key Negotiation of Bluetooth attack disclosed in 2019. If the encryption key length reduction is successful, an attacker may be able to brute force the encryption key and spoof the remote paired device. If the encryption key length reduction is unsuccessful, the attacker will not be able to establish an encrypted link but may still appear authenticated to the host.
For this attack to be successful, an attacking device would need to be within wireless range of a vulnerable Bluetooth device that has previously established a BR/EDR bonding with a remote device with a Bluetooth address known to the attacker. For devices supporting Secure Connections mode, the attacker claims to be the previously paired remote device but with no support for Secure Connections. This will generally permit the attacker to proceed with an attack on legacy authentication unless the device is in Secure Connections Only mode. If the attacker can either downgrade authentication in this manner or is attacking a device that does not support Secure Connections, the attacker initiates a master-slave role switch to place itself into the master role and become the authentication initiator. If successful, it completes authentication with the attacked device. If the attacked device does not mutually authenticate with the attacker in the master role, this will result in an authentication-complete notification even though the attacker does not possess the link key.
To remedy this vulnerability, the Bluetooth SIG is updating the Bluetooth Core Specification to clarify when role switches are permitted, to ensure a role switch in the middle of a secure authentication procedure does not affect the procedure, to require authenticating the peer device in legacy authentication, and to recommend checks for encryption-type to avoid a downgrade of secure connections to legacy encryption. These changes will be introduced into a future specification revision.
Until this occurs, the Bluetooth SIG is strongly recommending that vendors ensure that reduction of the encryption key length below 7 octets is not permitted, that hosts initiate mutual authentication when performing legacy authentication, that hosts support Secure Connections Only mode when this is possible, and that the Bluetooth authentication not be used to independently signal a change in device trust without first requiring the establishment of an encrypted link.
The Bluetooth SIG is also broadly communicating details on this vulnerability and its remedies to our member companies and is encouraging them to rapidly integrate any necessary patches. As always, Bluetooth users should ensure they have installed the latest recommended updates from device and operating system manufacturers.
For more information, please refer to the statement from the CERT Coordination Center:
https://www.kb.cert.org/vuls/id/647177/
