Hello,
I am Suhel Mulla. I am part of the firmware team in Philips Healthcare Innovation Centre at Pune, India. We are using TI Bluetopia stack on WL 1831 chip (Wi-Fi Bluetooth combo).
We observed that, during the pairing process, the vulnerability occurs when the peripheral accepts an out-of-order encryption request from the central, and the pairing process between peripheral and central successfully completes with an LTK key negotiated to 0.
The Zero LTK Installation allows an attacker to fully bypass the pairing procedure by forcing an encryption setup procedure with a zero-filled LTK.
How can we fix this problem?
Regards,
Suhel
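The peripheral-side guard the post is asking about, as an added example that is not part of the original post and not Bluetopia's own API: the state enum, `link_ctx_t`, and the function names below are assumed for illustration. It refuses an encryption request that arrives before key distribution has finished (the out-of-order case) and never stores or uses an all-zero LTK.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define LTK_LEN 16

/* Hypothetical peripheral-side pairing state; Bluetopia's real types differ. */
typedef enum {
    PAIR_IDLE,             /* no pairing in progress */
    PAIR_IN_PROGRESS,      /* pairing request seen, keys not yet distributed */
    PAIR_KEYS_DISTRIBUTED  /* LTK negotiated and stored for this link */
} pair_state_t;

typedef struct {
    pair_state_t state;
    uint8_t ltk[LTK_LEN];
} link_ctx_t;

/* True only if every byte is zero; always scans all bytes (no early exit). */
static bool ltk_is_all_zero(const uint8_t *ltk, size_t len) {
    uint8_t acc = 0;
    for (size_t i = 0; i < len; i++) acc |= ltk[i];
    return acc == 0;
}

/* Store a negotiated LTK. An all-zero key is rejected and the link stays
 * in its current state, so it can never be selected for encryption later. */
bool store_ltk(link_ctx_t *link, const uint8_t *ltk) {
    if (ltk_is_all_zero(ltk, LTK_LEN)) return false;
    memcpy(link->ltk, ltk, LTK_LEN);
    link->state = PAIR_KEYS_DISTRIBUTED;
    return true;
}

/* Decide whether an incoming encryption request may be honoured.
 * Rejects (a) a request that arrives before key distribution completed,
 * which is the out-of-order sequence described above, and (b) a stored LTK
 * that is all zeros, even if some earlier path managed to write one. */
bool accept_encryption_request(const link_ctx_t *link) {
    if (link->state != PAIR_KEYS_DISTRIBUTED) return false;
    if (ltk_is_all_zero(link->ltk, LTK_LEN)) return false;
    return true;
}
```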