Bluetooth SIG Statement Regarding the ‘Predictable AuthValue in Bluetooth Mesh Provisioning Leads to MITM’ Vulnerability
Researchers at the Agence nationale de la sécurité des systèmes d’information (ANSSI) have identified a security vulnerability related to provisioning in the Bluetooth® Mesh Profile Specification versions 1.0 and 1.0.1. The researchers identified that it is possible for an attacker observing or taking part in the Mesh Provisioning procedure to brute force the AuthValue if it has a fixed value or is selected predictably or with low entropy.
Identifying the AuthValue generally requires a brute-force search against the provisioning random and provisioning confirmation produced by the Provisioner. This brute-force search, for a randomly selected AuthValue, must complete before the provisioning procedure times out, which can require significant resources.
If the AuthValue is not selected randomly with each new provisioning attempt, then the brute-force search can occur offline and, if successful, permits an attacker to identify the AuthValue and authenticate to both the Provisioner and provisioned devices, permitting a MITM attack on a future provisioning attempt that uses the same AuthValue.
The Bluetooth SIG is recommending that mesh implementations enforce a randomly selected AuthValue using all of the available bits, where permitted by the implementation.
The Bluetooth SIG is also broadly communicating details on this vulnerability and its remedies to our member companies and is encouraging them to rapidly integrate any necessary patches. As always, Bluetooth users should ensure they have installed the latest recommended updates from device and operating system manufacturers.
For more information, please refer to the statement from the CERT Coordination Center.