Bluetooth SIG Statement Regarding the ‘Authentication of the LE Legacy Pairing’ Vulnerability
Researchers at the Agence nationale de la sécurité des systèmes d’information (ANSSI) have identified a potential security vulnerability related to LE Legacy Pairing authentication in Bluetooth® Core Specification versions 4.0 through 5.2. The researchers identified that an attacker can reflect the confirmation and random numbers of a peer device in LE legacy pairing to successfully complete legacy authentication phase 2 without knowledge of the temporary key (TK).
Because the attacker does not acquire a TK or a valid short-term key (STK) during this attack, completing authentication phase 2 is not sufficient for an encrypted link to be established. The Bluetooth SIG does not consider this to be a method that can provide unauthorized access to a device.
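To make the mechanism concrete, the following is an added Python model of legacy pairing phase 2 from the initiator's side; it is not code from the Bluetooth SIG or from the statement. The confirm function is an HMAC stand-in for the specification's AES-based c1, the pairing context is a constructed placeholder, and the reflection check is an illustrative defensive measure that the statement does not prescribe.

```python
import hashlib
import hmac
import os

# Constructed placeholder for the pairing request/response and address
# fields that the real c1 function mixes into the confirm value.
PAIRING_CTX = b"preq|pres|iat|ia|rat|ra"


def c1(tk: bytes, rand: bytes, ctx: bytes) -> bytes:
    """Confirm-value function. Assumption: the spec's c1 is AES-128 based;
    this HMAC stand-in only models the property that matters here, namely
    that the same TK and random value always give the same confirm value."""
    return hmac.new(tk, rand + ctx, hashlib.sha256).digest()[:16]


class HonestResponder:
    """Responder that knows the TK and follows legacy pairing phase 2."""

    def __init__(self, tk: bytes, ctx: bytes):
        self.tk, self.ctx, self.srand = tk, ctx, os.urandom(16)

    def send_confirm(self, mconfirm: bytes) -> bytes:
        return c1(self.tk, self.srand, self.ctx)  # Sconfirm

    def send_rand(self, mrand: bytes) -> bytes:
        return self.srand  # Srand


class EchoingResponder:
    """Peer with no TK that simply reflects the initiator's own values,
    which is the behaviour the statement describes."""

    def send_confirm(self, mconfirm: bytes) -> bytes:
        return mconfirm

    def send_rand(self, mrand: bytes) -> bytes:
        return mrand


def initiator_phase2(tk: bytes, ctx: bytes, responder, reject_reflection: bool) -> bool:
    """Run the initiator side of phase 2; return True if Sconfirm verifies.
    reject_reflection=True adds an illustrative check (an assumption, not
    text from the statement): the peer's confirm and random values must
    differ from the ones we sent. An honest peer collides only with
    probability 2^-128, so the check costs nothing in the normal case."""
    mrand = os.urandom(16)
    mconfirm = c1(tk, mrand, ctx)
    sconfirm = responder.send_confirm(mconfirm)  # Mconfirm out, Sconfirm in
    srand = responder.send_rand(mrand)  # Mrand out, Srand in
    if reject_reflection and (sconfirm == mconfirm or srand == mrand):
        return False
    return c1(tk, srand, ctx) == sconfirm
```

Even when the naive check accepts the echoed values, the echoing peer still holds no TK and so cannot derive the STK, which is why the statement concludes no encrypted link results.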
For more information, please refer to the statement from the CERT Coordination Center.