Researchers have discovered that a weakness in the pairing process of Bluetooth Basic Rate / Enhanced Data Rate (BR/EDR) connections could be exploited to impersonate a previously paired device.
The vulnerability allows an attacker within Bluetooth range of an affected device to spoof the Bluetooth address of a remote device that it was previously bonded with, and thereby to authenticate successfully without knowing the link key that would normally be used to set up an encrypted connection.
“An unauthenticated, adjacent attacker can impersonate a previously paired/bonded device and authenticate successfully without knowing the link key. By performing a Bluetooth Impersonation Attack (BIAS), this could allow an attacker to gain full access to the paired device,” reads a CERT Coordination Center (CERT/CC) alert.
In a statement published on the vulnerability, the Bluetooth Special Interest Group (SIG) explains that if the device is also still vulnerable to the KNOB (Key Negotiation of Bluetooth) attack disclosed last year, the attacks enable an attacker to “negotiate a reduced encryption key intensity”.
The attacker may then try to brute-force the encryption key and spoof the paired device remotely. If that attempt is unsuccessful, the encrypted link will not be established, but the attacker may still appear to the host as authenticated.
For the attack to succeed, the attacker needs to know the Bluetooth address of the remote device to which the target was previously paired. The vulnerability is tracked as CVE-2020-10135 and has a CVSS score of 4.8.
Depending on the Secure Simple Pairing method (Legacy Secure Connections or Secure Connections) that was used to establish the earlier connection with the remote device, the vulnerability can be exploited in two ways.
The first method allows the attacker to downgrade the security of the authentication and proceed using the BIAS method. If authentication can be downgraded, or the target does not support Secure Connections, the attacker can initiate a master-slave role switch to become the authentication initiator.
“If the remote device is successful, they complete the authentication. If the remote device then does not authenticate with the attacker in the master position, the authentication-complete warning on both devices will result, even though the attacker does not have the connection key,” reads the CERT/CC alert.
To mitigate the issue, vendors are advised to ensure that the encryption key length cannot be reduced to less than 7 bytes, and that hosts initiate mutual authentication or support Secure Connections Only mode where possible. In addition, they should ensure that Bluetooth authentication is not used to independently signal a change in user trust without first requiring an encrypted connection.
“To remedy this vulnerability, the Bluetooth SIG updates the Bluetooth Core Specification to clarify when role switches are allowed, to require mutual authentication in legacy authentication and to recommend encryption-type checks to avoid downgrading of secure connections to legacy encryption,” notes the Bluetooth SIG.
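To make the role-switch logic described in the alert and the value of the mutual-authentication fix concrete, here is an added toy model (not code from the article, CERT/CC or the Bluetooth SIG) of unilateral legacy authentication; the addresses and link key are constructed, and e1() is a simplified HMAC stand-in for the specification's E1 function.

```python
"""Toy model of legacy BR/EDR authentication and the BIAS role-switch weakness.
Constructed example: addresses and link key are made up, and e1() is a simplified
HMAC stand-in for the specification's E1 function, not the real algorithm."""
import hashlib
import hmac
import os

def e1(link_key: bytes, claimant_addr: bytes, rand: bytes) -> bytes:
    """Challenge-response: prove possession of link_key for the claimed address."""
    return hmac.new(link_key, claimant_addr + rand, hashlib.sha256).digest()[:4]

class Device:
    def __init__(self, addr: bytes, bonded: dict):
        self.addr = addr      # BD_ADDR this device presents (an impersonator spoofs it)
        self.bonded = bonded  # peer BD_ADDR -> link key from an earlier pairing

    def respond(self, verifier_addr: bytes, rand: bytes) -> bytes:
        """Answer a challenge; without the link key a device can only guess."""
        key = self.bonded.get(verifier_addr)
        return e1(key, self.addr, rand) if key else os.urandom(4)

    def challenge(self, claimant: "Device") -> bool:
        """Verify the claimant holds the link key bonded to the address it presents."""
        key = self.bonded.get(claimant.addr)
        if key is None:
            return False
        rand = os.urandom(16)
        return hmac.compare_digest(e1(key, claimant.addr, rand), claimant.respond(self.addr, rand))

def legacy_authentication(master: Device, slave: Device, mutual: bool) -> bool:
    """Return whether the slave ends up treating the link as authenticated.
    Legacy authentication is unilateral: the master challenges the slave, then
    signals 'authentication complete'. A spoofing master ignores the result, so
    the slave gains no assurance unless it challenges back (mutual=True)."""
    master.challenge(slave)  # outcome only matters to an honest master
    return slave.challenge(master) if mutual else True

def bias_attempt(victim: Device, impersonator: Device, role_switch_allowed: bool, mutual: bool) -> bool:
    """Does the victim accept the impersonator as its previously bonded peer?"""
    if not role_switch_allowed:  # impersonator stays slave and must answer the victim's challenge
        return victim.challenge(impersonator)
    # impersonator switches to master and drives a unilateral challenge of the victim
    return legacy_authentication(master=impersonator, slave=victim, mutual=mutual)

PEER_ADDR = bytes.fromhex("001122334455")            # constructed sample address
LINK_KEY = bytes(range(16))                          # constructed sample link key
victim = Device(bytes.fromhex("66778899aabb"), {PEER_ADDR: LINK_KEY})
impersonator = Device(PEER_ADDR, {})                 # spoofs PEER_ADDR, holds no link key
```

Only the combination of an allowed role switch and unilateral (non-mutual) legacy authentication lets the impersonator be accepted; either blocking the role switch or requiring mutual authentication, as the SIG's specification update does, makes the attempt fail.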