
Microsoft Blocks Pairing of Bluetooth Low Energy Security Keys on Windows

Giulio Saggin
Tuesday, 28 November 2023

June's Patch Tuesday security updates have come with a warning from Microsoft that it will block the pairing of several Bluetooth Low Energy (BLE) security keys on Windows.

"These security updates address a security vulnerability by intentionally preventing connections from Windows to unsecure Bluetooth devices. Any device using well-known keys to encrypt connections may be affected, including certain security fobs," said Microsoft in a statement.

The vulnerability (CVE-2019-2102) affects Feitian and Google Titan security keys, both of which have a misconfiguration in their Bluetooth pairing protocols. The 'security fobs' are Google's BLE Titan Security Keys (T1 or T2 code) and the Feitian CTAP1/U2F Security Key.

Google became aware of the bug in mid-May, noting at the time that, "it is possible for an attacker who is physically close to you (30 feet - 10 metres - or so) at the moment you use your security key to (a) communicate with your security key, or (b) communicate with the device to which your key is paired."

As a result of Patch Tuesday's finding, Microsoft has "blocked the pairing of these Bluetooth Low Energy (BLE) keys with the pairing misconfiguration."

Those with affected devices have been asked to look into requesting a replacement, which both Google and Feitian are providing for free.

© 2024 SecAlerts Pty Ltd.