Description
Legacy pairing and secure-connections pairing authentication in Bluetooth BR/EDR Core Specification v5.2 and earlier may allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key.
CVSS breakdown
CVSS 3.1
- Attack Vector: Adjacent
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality: Low
- Integrity: Low
- Availability: None
Affected products
- Bluetooth / BR/EDR 5.2 – 5.2
References
- MISC: https://kb.cert.org/vuls/id/647177/
- MAILING_LIST: http://seclists.org/fulldisclosure/2020/Jun/5
- MAILING_LIST: http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html
- MAILING_LIST: http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00047.html
- MISC: https://francozappa.github.io/about-bias/
- MISC: https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/bias-vulnerability/
- EXPLOIT: http://packetstormsecurity.com/files/157922/Bluetooth-Impersonation-Attack-BIAS-Proof-Of-Concept.html