Vulnerability Note

Hi,

We just published a white paper which describe this issue in detail: nWP031 - Security Threat in Bluetooth LESC Pairing.

In a nutshell, the problem is that the Bluetooth specification did not require that the remote public key be validated before it is used to calculate the shared secret during the Diffie–Hellman key exchange. The LE Secure Connection implementation for Nordic devices reside in SDK "space" rather than in the SoftDevice (stack), so this issue can be fixed in the SDK. The fix is to always validate the remote public key before it is used to generate the shared secret. This issue is not present in SDK 15.0.0, which always validates the remote public in the BLE LESC module.

Hi

I was wondering how this affects BLE Mesh. If I was using SDK 14 but using NFC to transfer the DHEC parameters, would there still be a vulnerability? Or would the vulnerability only exist if I was not using NFC.

I read the white paper and it did not appear to address this question.

Thanks in advance for responding.

Hi,

BLE Mesh is not affected in any way. This issue only concerns LE Secure Connections (LESC) which is not used in BLE Mesh.

Hi,

BLE Mesh is not affected in any way. This issue only concerns LE Secure Connections (LESC) which is not used in BLE Mesh.