Threat Category: Network Threats: Bluetooth
ID: LPN-16
Threat Description: Bluetooth devices that pair using PIN/Legacy pairing (Bluetooth 2.0 and earlier) or low energy Legacy Pairing are vulnerable to eavesdropping. If an attacker can capture all pairing frames, the secret keys can be determined given enough time, facilitating device tracking, impersonation, and the decryption of data transmitted between devices for which secret keys are known.
Threat Origin
Guide to Bluetooth Security: NIST SP 800-121rev2) 1
Exploit Examples
Not Applicable
CVE Examples
Not Applicable
Possible Countermeasures
To prevent this attack, when pairing devices, observe physical security, such as pairing devices in a secure location outside of which, the ability of an attacker to intercept Bluetooth messages is remote.
Mobile Device userAvoid the use of Bluetooth 2.0 or earlier devices, or those that only support Legacy Pairing.
References
J. Padgette et. al, Guide to Bluetooth Security, Draft SP 800-121 rev. 2, National Institute of Standards and Technology, 2016; http://csrc.nist.gov/publications/drafts/800-121/sp800_121_r2_draft.pdf [accessed 12/07/2016] ↩