Bluetooth SIG Statement Regarding the Method-Confusion Pairing Vulnerability

Researchers at the Technical University of Munich (TUM) have identified a security vulnerability related to Bluetooth LE Secure Connections Pairing and Secure Simple Pairing. The researchers identified that it is possible for an attacking device to successfully intercede as a man-in-the-middle between two pairing devices, provided that the attacker is able to negotiate a numeric compare pairing procedure with one device and a passkey pairing procedure with the other, and that the user erroneously enters the numeric compare value as the passkey and accepts pairing on the numeric compare device. This scenario is applicable to both LE Secure Connections Pairing and BR/EDR Secure Simple Pairing; however, only devices operating as a keyboard for the purposes of pairing may be used to enter the passkey in the Secure Simple Pairing scenario.

Bluetooth products may exist in the field that do not clearly identify the difference between the six-digit numeric comparison value and the six-digit passkey. Any confusion on the part of the user authenticating the pairing may result in the man-in-the-middle becoming authenticated with the attacked devices instead of the attacked devices becoming authenticated with one another.

A man-in-the-middle successfully implementing this attack will be able to initiate any Bluetooth operation on either attacked device exposed by the enabled Bluetooth profiles on either device. This exposure may be further limited by requirements that the user authorize certain access, but if a user believes that it is the intended remote device requesting permissions, device-local protections may be weakened.

For this attack to be successful, an attacking device would need to be within wireless range of two vulnerable Bluetooth devices that were establishing either an LE or a BR/EDR encrypted connection, either for the first time or after deletion of existing pairing credentials, using either LE Secure Connections Pairing or BR/EDR Secure Simple Pairing. The user must mistakenly enter the numeric compare value as the passkey and accept pairing on the numeric compare device for the attacker to complete the pairing to both devices successfully. If the user accepts pairing on the numeric compare device, a pairing or bonding relationship will be set up between this device and the attacker, even if the passkey entry fails.

The Bluetooth SIG recommends that product developers introduce language to user interfaces and/or documentation that warns users not to enter the numeric comparison value on the remote pairing device, or not to enter the numeric comparison value anywhere.

The Bluetooth SIG is also broadly communicating details on this vulnerability and its remedy to our member companies and is encouraging them to rapidly integrate any necessary patches. Bluetooth users should ensure they have installed the latest recommended updates from device and operating system manufacturers.

For more information, please refer to the statement from the CERT Coordination Center:
https://www.kb.cert.org/vuls/id/534195/