Bluetooth SIG Statement Regarding the ‘Malleable Commitment’ Vulnerability
Researchers at the Agence nationale de la sécurité des systèmes d’information (ANSSI) have identified a security vulnerability related to provisioning in the Bluetooth® Mesh Profile Specification versions 1.0 and 1.0.1. The researchers identified that the authentication protocol is vulnerable if the AuthValue can be identified during the provisioning procedure, even if the AuthValue is selected randomly. If an attacker can identify the AuthValue used before the provisioning procedure times out, it is possible to complete the provisioning operation and obtain a NetKey.
Identifying the AuthValue generally requires a brute-force search against the provisioning random and provisioning confirmation produced by the Provisioner. This brute-force search, for a randomly selected AuthValue, must complete before the provisioning procedure times out, which can require significant resources.
The Bluetooth SIG is recommending that potentially vulnerable mesh provisioners restrict the authentication procedure and not accept provisioning random and provisioning confirmation numbers from a remote peer that are the same as those selected by the local device.
The Bluetooth SIG is also broadly communicating details on this vulnerability and its remedies to our member companies and is encouraging them to rapidly integrate any necessary patches. As always, Bluetooth users should ensure they have installed the latest recommended updates from device and operating system manufacturers.
For more information, please refer to the statement from the CERT Coordination Center.