Bluetooth SIG Statement Regarding the “Pairing Mode Confusion in BR/EDR” Vulnerability
Researchers at the Agence nationale de la sécurité des systèmes d’information (ANSSI) have identified a security vulnerability related to Passkey authentication in BR/EDR Secure Simple Pairing and BR/EDR Secure Connections pairing when pairing with a device supporting BR/EDR Legacy PIN-Code pairing. The researchers found that it is possible for an attacking device to interpose itself as a man-in-the-middle (MITM) between two pairing devices, provided the attacker is able to negotiate BR/EDR Legacy Pairing with the pairing Responder (which must support entry of a PIN code) and negotiate the Passkey association model with the pairing Initiator (which must support display or entry of a Passkey). The user must either erroneously enter the Passkey displayed by the Initiator into the Responder as a 6-digit PIN-Code, or enter the same 6-digit value as the Passkey on the Initiator and as the PIN-Code on the Responder. Because the Legacy Pairing key derivation and authentication depend only on the PIN-Code and values exchanged in the clear, the attacker can identify the PIN-Code entered into the Responder by a real-time brute-force search over the one million possible 6-digit values, and then use that value as the Passkey to complete authenticated pairing with the Initiator. The result is a MITM attack on the Secure Simple Pairing Passkey pairing procedure or the Secure Connections Passkey pairing procedure, even when the Initiator is operating in Secure Connections Only Mode.
For this attack to be successful, an attacking device would need to be within wireless range of two Bluetooth devices that were establishing a BR/EDR encrypted connection without existing shared credentials. At least one of the two devices must support the Passkey association model and the other must support Legacy PIN-Code pairing.
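The following model of the two pairing legs is an added illustration and is not Bluetooth SIG or ANSSI code. The real Bluetooth primitives (the SAFER+-based E22/E21/E1 functions of Legacy PIN-Code pairing and the AES-CMAC-based f1 commitment of Passkey Entry) are replaced by a keyed BLAKE2b stand-in named `mac()`, and the device addresses, public keys and the passkey values are constructed for the example; only the shape of each protocol is kept. It shows why the attack works: a Legacy PIN-Code pairing transcript lets the attacker test all 10^6 candidate PINs, and Passkey Entry accepts any peer that holds the same 6-digit value, so a value typed into both devices is no longer a secret from the attacker. The `responder_sc_only` flag is an assumed switch modelling a Responder that refuses Legacy Pairing.

```python
"""Model of BR/EDR pairing-mode confusion (added example, not SIG/ANSSI code).

Stand-ins: mac() replaces E22/E1 (legacy) and f1 (Passkey Entry).
"""
import hashlib
import os
from typing import Optional

PASSKEY_DIGITS = 6
PASSKEY_BITS = 20  # 999999 < 2**20, so 20 commitment rounds cover a 6-digit passkey


def mac(*parts: bytes) -> bytes:
    """Keyed hash stand-in for the Bluetooth key-derivation/authentication functions."""
    return hashlib.blake2b(b"|".join(parts), key=b"demo", digest_size=16).digest()


# ---- Leg 1: Legacy PIN-Code pairing, attacker plays Initiator towards the Responder ----
def legacy_responder_answer(pin: str, bd_addr_resp: bytes, in_rand: bytes, au_rand: bytes) -> bytes:
    """What a PIN-Code Responder returns: SRES for the Initiator's challenge.
    K_init depends only on the PIN, the Responder address and IN_RAND (sent in the clear)."""
    k_init = mac(pin.encode(), bd_addr_resp, in_rand)   # stand-in for E22
    return mac(k_init, au_rand, bd_addr_resp)[:4]       # stand-in for E1 -> SRES


def brute_force_pin(bd_addr_resp: bytes, in_rand: bytes, au_rand: bytes, sres: bytes) -> Optional[str]:
    """Recover the PIN by testing every 6-digit candidate against the observed SRES."""
    for guess in range(10 ** PASSKEY_DIGITS):
        pin = f"{guess:0{PASSKEY_DIGITS}d}"
        if legacy_responder_answer(pin, bd_addr_resp, in_rand, au_rand) == sres:
            return pin
    return None


# ---- Leg 2: Passkey Entry, attacker plays Responder towards the real Initiator ----
def commit(pk_self: bytes, pk_peer: bytes, nonce: bytes, bit: int) -> bytes:
    """Stand-in for f1(PKself, PKpeer, N, r) with r = 0x80 | passkey bit."""
    return mac(pk_self, pk_peer, nonce, bytes([0x80 | bit]))


def passkey_entry(passkey_init: int, passkey_resp: int, pk_init: bytes, pk_resp: bytes) -> Optional[int]:
    """Run the 20 commitment rounds. Returns the first round whose check fails, or None."""
    for i in range(PASSKEY_BITS):
        bit_i = (passkey_init >> i) & 1
        bit_r = (passkey_resp >> i) & 1
        n_i, n_r = os.urandom(16), os.urandom(16)
        c_i = commit(pk_init, pk_resp, n_i, bit_i)  # Initiator commits first
        c_r = commit(pk_resp, pk_init, n_r, bit_r)  # then the Responder
        # Nonces are revealed; each side recomputes the peer's commitment with ITS OWN bit.
        if c_r != commit(pk_resp, pk_init, n_r, bit_i):  # Initiator verifies Responder
            return i
        if c_i != commit(pk_init, pk_resp, n_i, bit_r):  # Responder verifies Initiator
            return i
    return None


def mode_confusion(passkey_displayed: int, value_typed_into_responder: str,
                   responder_sc_only: bool = False) -> dict:
    """Initiator displays `passkey_displayed`; the user types `value_typed_into_responder`
    into the Responder as a Legacy PIN. Returns what the attacker achieves."""
    bd_addr_resp = bytes.fromhex("001122334455")          # constructed address
    pk_init, pk_attacker = os.urandom(32), os.urandom(32)  # stand-ins for P-256 public keys

    if responder_sc_only:
        # Secure Connections Only Mode: the Responder refuses Legacy Pairing outright.
        return {"recovered_pin": None, "mitm_success": False}

    in_rand, au_rand = os.urandom(16), os.urandom(16)  # attacker-chosen, sent in the clear
    sres = legacy_responder_answer(value_typed_into_responder, bd_addr_resp, in_rand, au_rand)
    recovered = brute_force_pin(bd_addr_resp, in_rand, au_rand, sres)
    if recovered is None:
        return {"recovered_pin": None, "mitm_success": False}

    # Use the recovered PIN as the Passkey towards the Initiator.
    failed_round = passkey_entry(passkey_displayed, int(recovered), pk_init, pk_attacker)
    return {"recovered_pin": recovered, "mitm_success": failed_round is None}
```

Run `mode_confusion(271828, "271828")` to see the attacker recover the value from the legacy leg and pass all 20 Passkey Entry rounds; with a different value typed into the Responder the second leg fails at the first differing bit, and with `responder_sc_only=True` the first leg never happens.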
The Bluetooth SIG recommends that implementations enforce Secure Connections Only Mode. If both devices involved in this attack are in Secure Connections Only Mode, the MITM will not be able to force BR/EDR Legacy PIN-Code pairing with either device.
As a user must erroneously use the same Passkey on the device performing BR/EDR Secure Connections Passkey pairing as on the device performing BR/EDR Legacy PIN-Code pairing, it is also recommended, where possible, that devices supporting and using BR/EDR Legacy PIN-Code pairing clearly indicate that a legacy pairing mode is in use, and that devices supporting and using BR/EDR Secure Connections pairing clearly indicate that Secure Connections pairing mode is in use. Language in a UI or in documentation that clearly differentiates between these association models may help avoid a user erroneously treating one Passkey value as the other.
The Bluetooth SIG is also broadly communicating details on this vulnerability and its remedies to our member companies and is encouraging them to rapidly integrate any necessary patches. As always, Bluetooth users should ensure they have installed the latest recommended updates from device and operating system manufacturers.