ORSHIN Attack Defense Framework

Method confusion attack

Description

Method confusion attack

Risk Assessment: 6.3

CWE

351

436

CVE

10134

Attack Surfaces

BLE (MITRE EMB3D PID-4111)

Security Manager Protocol (MITRE EMB3D PID-4113)

Pairing

MagicPairing

Attack Vectors

Authentication skip (MITRE EMB3D TID-411)

Defenses

Enforce specific authentication method, Use OOB authentication

User interface fix, Display authentication method warning to the user

Authentication method validation, Embed information about the authentication method in the authentication data itself to make them distinguishable