Realtek Bluetooth Flaw Lets Hackers Trigger DoS Attacks
A newly discovered vulnerability in Realtek’s RTL8762E SDK v1.4.0 exposes devices to denial-of-service attacks via the Bluetooth Low Energy Secure Connections pairing protocol. The Realtek Bluetooth Flaw Lets attackers exploit improper protocol state validation during the pairing process, enabling disruption without requiring authentication or elevated privileges.
Researchers identified the flaw in the RTL8762EKF-EVB development board, where attackers can inject premature Pairing Random packets. This disrupts the sequence mandated by the Bluetooth Core Specification v5.3. The Realtek Bluetooth Flaw Lets attackers bypass the required exchange of Pairing Public Keys, causing the device to enter invalid states and block secure connections.
Technical analysis attributes the problem to weak state validation in the Security Manager Protocol layer. To mitigate the risk, developers should enforce strict message sequencing and discard out-of-order packets. Organizations using affected firmware should update their BLE stack and monitor for unusual pairing activity.
Read the full official article at: