Cybersecurity researchers have identified a number of vulnerabilities in two critical Bluetooth services that allow attackers to hijack a pairing request in order to conduct Man-in-the-Middle (MitM) attacks.
The vulnerabilities were spotted by researchers at the French National Agency for the Security of Information Systems (ANSSI) and exist in the Bluetooth Core and Mesh Profile specifications.
Successfully exploiting these vulnerabilities, attackers can intercept pairing requests, masquerade as the initiator and authenticate with the responder, in a classic MitM attack.
