
Bluetooth Core and Mesh Flaws Affect Untold Number of Devices

Silviu STAHIE

May 25, 2021


Devices supporting the Bluetooth Core and Mesh specifications could allow attackers to impersonate devices during the pairing process, security researchers have discovered.

Bluetooth devices are ubiquitous, so the amount of potentially affected hardware is massive. Since these vulnerabilities directly affect the Core and Mesh Profile specifications, which define the communication requirements for Bluetooth connections, developers must implement any fixes from the ground up.

Security researchers have identified a few vulnerabilities that could allow attackers to impersonate a legitimate device during pairing by using the passkey entry protocol, the PIN entry protocol or Bluetooth Mesh Provisioning.

The vulnerability involving the passkey entry protocol could let an attacker authenticate to the responding victim device and act as a legitimate encrypted device.

On the other hand, the PIN pairing protocol vulnerability could “allow an attacker to complete pairing with a known link key, encrypt communications with the vulnerable device, and access any profiles permitted by a paired or bonded remote device supporting Legacy Pairing,” according to researchers.

The Bluetooth Mesh provisioning vulnerability could let an attacker authenticate without the AuthValue. Researchers identified a few other flaws that would either permit an attacker to obtain a NetKey or to compute the AuthValue and certify to the Provisioner and provisioned devices.

Researchers at the Agence nationale de la sécurité des systèmes d’information (ANSSI) reported the vulnerabilities, and the advisory comes with a list of affected vendors. Some of the more prominent ones include Android, Cisco, Red Hat and Intel. A few are in the green, but the vast majority of the vendors are listed as unknown, which means they haven’t been checked.

The good news is that it’s possible to carry out immediate mitigations by installing the latest recommended updates from device and operating system manufacturers.
