A vulnerability related to pairing in Bluetooth Basic Rate / Enhanced Data Rate (BR/EDR) connections could be exploited to impersonate a previously paired device, researchers have discovered.
The security flaw allows for an attacker within Bluetooth range of an affected device to spoof the Bluetooth address of a previously bonded remote device, thus successfully authenticating without knowing the link key normally used for establishing an encrypted connection.
“It is possible for an unauthenticated, adjacent attacker to impersonate a previously paired/bonded device and successfully authenticate without knowing the link key. This could allow an attacker to gain full access to the paired device by performing a Bluetooth Impersonation Attack (BIAS),” a CERT Coordination Center (CERT/CC) alert reads.
In a statement published on this vulnerability, the Bluetooth Special Interest Group (SIG) explains that the attacks allow hackers to “negotiate a reduced encryption key strength” if the device is still vulnerable to the KNOB (Key Negotiation of Bluetooth) attack disclosed last year.
The attacker could attempt to brute-force the encryption key and spoof the remote paired device. If the attack is not successful, the encrypted link is not established, but the attacker may still appear authenticated to the host.
For the attack to be successful, the attacker needs to know the Bluetooth address of the remote device to which the target was previously paired. Tracked as CVE-2020-10135, the vulnerability has a CVSS score of 4.8.
The vulnerability can be exploited in two manners, depending on the Secure Simple Pairing method (Legacy Secure Connections or Secure C ..
Support the originator by clicking the read the rest link below.
