Bluetooth SIG Statement Regarding the ‘AuthValue Leak’ Vulnerability
Researchers at the Agence nationale de la sécurité des systèmes d’information (ANSSI) have identified a security vulnerability related to provisioning in the Bluetooth® Mesh Profile Specification versions 1.0 and 1.0.1. The researchers identified that an attacker provisioned in the Mesh Provisioning procedure without access to the AuthValue can identify the AuthValue directly, without brute-forcing its value.
Even when a randomly generated AuthValue with a full 128 bits of entropy is used, an attacker who acquires the Provisioner’s public key, provisioning confirmation value, and provisioning random value, and who provides its own public key for use in the provisioning procedure, will be able to directly compute the AuthValue used.
The Bluetooth SIG is recommending that potentially vulnerable mesh provisioners use an out-of-band mechanism to exchange the public keys.
The Bluetooth SIG is also broadly communicating details on this vulnerability and its remedies to our member companies and is encouraging them to rapidly integrate any necessary patches. As always, Bluetooth users should ensure they have installed the latest recommended updates from device and operating system manufacturers.
For more information, please refer to the statement from the CERT Coordination Center.