The problem is caused by flaws (CVE-2019-9506) in the Bluetooth specification BR/EDR Core 5.1 and earlier, which allow the use of too short encryption keys and do not prevent the attacker from interfering at the connection negotiation stage to fallback to such unreliable keys (packets can be substituted by unauthenticated attackers ). The attack can be carried out at the time of device connection negotiation (already established sessions cannot be attacked) and is only effective for connections in BR/EDR (Bluetooth Basic Rate/Enhanced Data Rate) modes if both devices are vulnerable. If the key is successfully selected, the attacker can decrypt the transmitted data and imperceptibly from the victim perform substitution of arbitrary ciphertext into the traffic.
When establishing a connection between two Bluetooth controllers A and B, controller A, after authentication by the link key (link key), can offer to use 16 bytes of entropy for the encryption key (encryption key), and controller B can accept this value or specify a lower value, in if it is not possible to generate a key of the proposed size. In response, controller A may accept the response offer and activate the encrypted communication channel. At this stage of parameter negotiation, encryption is not applied, so the attacker has the opportunity to break into the data exchange between the controllers and replace the packet with the proposed entropy size. Since the allowed key size varies from 1 to 16 bytes, the second controller will accept this value and send its acknowledgment indicating the same size.
To reproduce the vulnerability in laboratory conditions (the attacker's activity was emitted on one of the devices),
For a real attack, the attacker must be in the receiving area of the victim's devices and be able to briefly block the signal from each device, which is proposed to be implemented through signal manipulation or reactive jamming.
The Bluetooth SIG, which is responsible for developing Bluetooth standards,
Source: opennet.ru