ORSHIN Attack Defense Framework

Reflection attack on passkey entry

Description

Reflection attack on passkey entry

Risk Assessment: 4.2

CWE

287

CVE

26558

Attack Surfaces

BLE (MITRE EMB3D PID-4111)

Security Manager Protocol (MITRE EMB3D PID-4113)

Pairing

MagicPairing

Association

Attack Vectors

Authentication challenge reflection (MITRE EMB3D TID-221)

Defenses

Restrict accepted public keys. Abort pairing if the remote public key is identical to the device's local one.