| Popis: |
This paper systematically analyzes the security of pairing and provisioning protocols in Bluetooth specifications. More precisely, we show that reflection attacks are possible against various pairing modes of BLE and Bluetooth Classic. Furthermore, we uncover several vulnerabilities in Bluetooth Mesh provisioning, ranging from reflection attacks to cryptographic weaknesses. Each vulnerability is explained in detail, exploitation conditions and impacts on communication security are given. Exploitation scenarios are provided and validated by practical experiments on several devices. Overall, we show that there are protocol flaws in all Pairing modes and in the Mesh Provisioning. Those were reported to the Bluetooth SIG which assigned six CVEs. Impacts discovered range from impersonation to complete Machine in the Middle attacks between devices on the version 5.2 of the Bluetooth specification. |
