Publication date: May 18, 2020
Bluetooth® Special Interest Group (SIG) has issued recommendations based on findings from researchers at the École Polytechnique Fédérale de Lausanne (EPFL) regarding a potential security vulnerability, in which the attacking device spoofs the address of a previously paired remote device and successfully completes the authentication procedure with a paired/bonded device while not possessing the link key.
Affected products and versions
TI dual-mode Bluetooth controllers with BR/EDR support: CC256x, CC256xB, CC2564C, WL12xx and WL18xx.
Potentially impacted features
An attacking device would need to be within wireless range of a potentially vulnerable Bluetooth device that has bonded with a remote Bluetooth device known to the attacker. If the previous pairing procedure was completed using secure connections mode, the attacker claims to be the previously paired remote device, no longer supporting secure connections by clearing bits in its feature mask (bits 67, 136 – secure connections host and controller support). If the attacker can either downgrade authentication in this manner or attack a device that does not support secure connections, the attacker initiates a master-slave role switch to place itself into the master role and become the authentication initiator.
Bluetooth SIG recommends that the Bluetooth Erratum 11838 be implemented to mitigate this issue. Please see the details on TI’s implementation of the erratum. All TI dual-mode Bluetooth controllers have mechanisms to implement the Erratum 11838 minimum link key size, which ensures that the encryption stage exchange will fail. As a result, the attacker will be disconnected and a repairing or mutual authentication process would be needed for the device to establish a connection.
Bluetooth SIG also recommends denial of master-slave role switch during authentication and the implementation of mutual authentication. TI’s dual-mode Bluetooth controllers do not allow role switch during the authentication process. However, mutual authentication has not been implemented due to tested interoperability issues. For further details on the recommendations, please see the Bluetooth SIG notice regarding the Bluetooth Impersonation Attacks (BIAS).