Bluetooth SIG officially acknowledges serious Bluetooth security vulnerability

The Bluetooth Special Interest Group (Bluetooth SIG) is the standards organization that oversees the development of Bluetooth standards and the licensing of the Bluetooth technologies and trademarks to manufacturers. Recently, it admitted that there is a serious Bluetooth security vulnerability. This vulnerability makes it easier for attackers to force pairing with your device.

Bluetooth connection works by having both devices to accept a connection. One sends a request, the other must accept it. It authenticates the identity of the device by exchanging the public key and generates an encryption key for the connection. This is to ensure that the connection is secure. However, with the recent vulnerability, an attacker could interfere with the encryption settings. The attacker can create a shorter encryption key making it easier to establish a connection. In addition, some Bluetooth products with lower security levels are more vulnerable. This is because not all Bluetooth specifications give a minimum length of explicit encryption keys.

Bluetooth SIG requires vendors to update their Bluetooth devices to ensure that the encryption key is at least 7 octets. If the encryption key length meets the standard, such attacks can be prevented. This is because the window time available for spoofing connections is very short.

Via