Threat Category: Network Threats: Bluetooth
ID: LPN-15
Threat Description: An attacker may be able to force or entice a Bluetooth device to participate in Just Works SSP, which is susceptible to MiTM attacks.
Threat Origin
Guide to Bluetooth Security: Draft NIST SP 800-121rev2 1
Exploit Examples
Not Applicable
CVE Examples
Not Applicable
Possible Countermeasures
To reduce opportunity for this attack, disable Bluetooth when that feature is not in use.
EnterpriseUse EMM/MDM solutions in combination with devices that successfully enforce a policy inhibit Just Works functionality or disable Bluetooth entirely, as appropriate.
References
J. Padgette et. al, Guide to Bluetooth Security, Draft SP 800-121 rev. 2, National Institute of Standards and Technology, 2016; http://csrc.nist.gov/publications/drafts/800-121/sp800_121_r2_draft.pdf [accessed 12/07/2016] ↩