Bluetooth SIG Statement Regarding the ‘Impersonation in the Pin Pairing Protocol’ Vulnerability

Researchers at the Agence nationale de la sécurité des systèmes d’information (ANSSI) have identified a security vulnerability related to BR/EDR PIN-code pairing in Bluetooth® Core Specification versions 1.0B through 5.2. The researchers identified that it was possible for an attacker spoofing the Bluetooth Device Address (BD_ADDR) of a device to complete BR/EDR PIN-code pairing with that device without requiring knowledge of the PIN code.

For this attack to be successful, an attacking device needs to be within wireless range of a vulnerable device supporting BR/EDR Legacy Pairing that is Connectable and Bondable. The attacker must be able to identify the BD_ADDR of the vulnerable device before it can launch the attack, generally requiring the device to be discoverable. If successful, the attacker will be able to complete pairing with a known link key, encrypt communications with the vulnerable device, and access any profiles permitted by a paired or bonded remote device supporting Legacy Pairing.

The Bluetooth SIG is recommending that potentially vulnerable devices not initiate or accept connections from remote devices claiming the same BD_ADDR as the local device.

The Bluetooth SIG continues to recommend that devices use Secure Simple Pairing or BR/EDR Secure Connections to avoid known vulnerabilities with legacy BR/EDR pairing.
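The two recommendations above (reject a remote device that claims the local BD_ADDR, and prefer Secure Simple Pairing or BR/EDR Secure Connections over Legacy Pairing) can be expressed as a single policy check applied to each incoming pairing request. The following is an added example written for this page, not code from the Bluetooth SIG, ANSSI, or any Bluetooth stack; the class and function names, the `allow_legacy` flag and the sample requests at the bottom are all hypothetical and constructed for illustration.

```python
"""
Added example (not Bluetooth SIG or stack code): a pairing-policy gate that
applies the statement's two mitigations to an incoming BR/EDR pairing request.
All names here are hypothetical; the sample requests are constructed.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Tuple
import re


class PairingMethod(Enum):
    LEGACY_PIN = "legacy_pin"                    # BR/EDR Legacy Pairing (PIN code)
    SSP = "ssp"                                  # Secure Simple Pairing
    SECURE_CONNECTIONS = "secure_connections"    # BR/EDR Secure Connections


@dataclass(frozen=True)
class PairingRequest:
    """What the controller hands up for a pairing attempt (hypothetical shape)."""
    remote_bd_addr: str
    method: PairingMethod


_HEX12 = re.compile(r"^[0-9A-F]{12}$")


def normalize_bd_addr(addr: str) -> str:
    """Canonicalise a 48-bit BD_ADDR to 'AA:BB:CC:DD:EE:FF'.

    Case and separator differences ('aa-bb-...', 'aabbcc...') must not let a
    spoofed address slip past the equality check below, so strip separators,
    validate that exactly 12 hex digits remain, and re-join in one fixed form.
    """
    hex_only = re.sub(r"[:\-\s]", "", addr).upper()
    if not _HEX12.match(hex_only):
        raise ValueError(f"malformed BD_ADDR: {addr!r}")
    return ":".join(hex_only[i:i + 2] for i in range(0, 12, 2))


def evaluate_pairing(local_bd_addr: str, request: PairingRequest,
                     allow_legacy: bool = False) -> Tuple[bool, str]:
    """Decide whether a pairing request should proceed.

    Returns (accept, reason). Two rules, in the order the statement gives them:
      1. A remote device claiming the local device's own BD_ADDR is rejected
         outright (the SIG mitigation for the ANSSI finding).
      2. Legacy PIN pairing is refused unless explicitly allowed; SSP and
         Secure Connections are accepted (the SIG's standing recommendation).
    """
    local = normalize_bd_addr(local_bd_addr)
    remote = normalize_bd_addr(request.remote_bd_addr)

    if remote == local:
        return False, "remote device claims the local BD_ADDR; refusing to pair"

    if request.method is PairingMethod.LEGACY_PIN and not allow_legacy:
        return False, "BR/EDR Legacy Pairing disabled; require SSP or Secure Connections"

    return True, f"accept ({request.method.value})"


if __name__ == "__main__":
    # Constructed sample: our own address and three hypothetical requests.
    LOCAL = "AA:BB:CC:DD:EE:FF"
    samples = [
        PairingRequest("aa-bb-cc-dd-ee-ff", PairingMethod.SSP),            # spoofs us
        PairingRequest("11:22:33:44:55:66", PairingMethod.LEGACY_PIN),     # legacy
        PairingRequest("11:22:33:44:55:66", PairingMethod.SECURE_CONNECTIONS),
    ]
    for req in samples:
        accept, reason = evaluate_pairing(LOCAL, req)
        print(f"{req.remote_bd_addr:18} {req.method.value:20} -> {accept}: {reason}")
```

The address comparison is done on a normalised form on purpose: a stack that compared raw strings could be talked past by a differently-cased or differently-separated rendering of the same address. The `allow_legacy` flag exists only so that a deployment which must still support Legacy Pairing peers can do so deliberately, with the same-address rule still applied first.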

The Bluetooth SIG is also broadly communicating details on this vulnerability and its remedies to our member companies and is encouraging them to rapidly integrate any necessary patches. As always, Bluetooth users should ensure they have installed the latest recommended updates from device and operating system manufacturers.

For more information, please refer to the statement from the CERT Coordination Center.