Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Monday, 18 May 2020

VU#647177: Bluetooth devices supporting BR/EDR are vulnerable to impersonation attacks

Bluetooth is a short-range wireless technology based on a core specification that defines six different core configurations, including the Bluetooth Basic Rate/Enhanced Data Rate (BR/EDR) Core Configurations. Bluetooth BR/EDR is used for low-power short-range communications. To establish an encrypted connection, two Bluetooth devices must pair with each other using a link key. It is possible for an unauthenticated, adjacent attacker to spoof the address of a previously paired remote device to successfully complete the authentication procedure with some paired/bonded devices without knowing the link key.

The Bluetooth Impersonation Attack (BIAS) can be performed in two different ways, depending on which Secure Simple Pairing method (either Legacy Secure Connections or Secure Connections) was previously used to establish a connection between two devices. If the pairing procedure was completed using the Secure Connections method, the attacker could claim to be the previously paired remote device that no longer supports Secure Connections, thereby downgrading the authentication security. This would allow the attacker to proceed with the BIAS method against the legacy authentication unless the device they are attacking is in Secure Connections Only mode.

If the attacker can either downgrade authentication or is attacking a device that does not support Secure Connections, they can perform the attack using a similar method by initiating a master-slave role switch to place themselves into the master role and become the authentication initiator. If successful, they complete the authentication with the remote device. If the remote device does not then mutually authenticate with the attacker in the master role, the result is an authentication-complete notification on both devices, even though the attacker does not possess the link key.

The BIAS method can be performed for the following reasons: Bluetooth secure connection establishment is not encrypted, and the selection of the Secure Connections pairing method is not enforced for an already established pairing; Legacy Secure Connections secure connection establishment does not require mutual authentication; a Bluetooth device can perform a role switch any time after baseband paging; and devices that paired using Secure Connections can use Legacy Secure Connections during secure connection establishment.
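The following model is an added example, not code from the advisory or from any Bluetooth stack. It contrasts the acceptance logic the advisory describes with a policy that enforces the pairing method and requires the peer to prove the link key in either role. The names `Bond`, `Reconnect`, `legacy_accepts` and `hardened_accepts` are hypothetical, and HMAC-SHA256 stands in for the Bluetooth authentication function.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional

def auth_response(link_key: bytes, challenge: bytes) -> bytes:
    # Stand-in for the Bluetooth authentication function (assumption: HMAC-SHA256).
    return hmac.new(link_key, challenge, hashlib.sha256).digest()

@dataclass
class Bond:                      # what the device stored at pairing time
    link_key: bytes
    paired_with_sc: bool         # pairing used Secure Connections

@dataclass
class Reconnect:                 # what the device observes on reconnection
    peer_claims_sc: bool         # peer says it supports Secure Connections
    peer_is_master: bool         # peer switched roles and is the initiator
    our_challenge: Optional[bytes] = None   # challenge we sent, if any
    peer_response: Optional[bytes] = None   # peer's answer to it, if any

def peer_proved_key(bond: Bond, r: Reconnect) -> bool:
    if r.our_challenge is None or r.peer_response is None:
        return False
    expected = auth_response(bond.link_key, r.our_challenge)
    return hmac.compare_digest(expected, r.peer_response)

def legacy_accepts(bond: Bond, r: Reconnect) -> bool:
    # Behaviour described in the advisory: only the master challenges, so a
    # peer in the master role is never asked to prove it holds the link key.
    return True if r.peer_is_master else peer_proved_key(bond, r)

def hardened_accepts(bond: Bond, r: Reconnect, sc_only: bool = False) -> bool:
    # Refuse a downgrade for a bond created with Secure Connections (or in
    # Secure Connections Only mode), then require proof of the key in any role.
    if (sc_only or bond.paired_with_sc) and not r.peer_claims_sc:
        return False
    return peer_proved_key(bond, r)

def sample_sessions(bond: Bond):
    # Constructed sessions: a genuine peer and a peer that lacks the link key.
    c = os.urandom(16)
    genuine = Reconnect(True, True, c, auth_response(bond.link_key, c))
    no_key = Reconnect(peer_claims_sc=False, peer_is_master=True)
    return genuine, no_key
```

With a bond created under Secure Connections, both policies accept the genuine session, while only `legacy_accepts` reports authentication complete for the session in which the peer never proved the key.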

Author: US Cert

Categories: CertUS
Number of views: 166
