13 June 19, 06:55
(This post was last modified: 13 June 19, 06:58 by harlan4096.)
Quote:Continue Reading
Microsoft released security updates for all supported versions of the Windows operating system on June 11, 2019. Some of the released updates patch a Bluetooth security vulnerability by "intentionally preventing connections between Windows and Bluetooth devices that are not secure and use well-known keys to encrypt connections, including security fobs".
In other words: Windows prevents the pairing of certain Bluetooth devices with Windows systems after the latest security update is installed.
Microsoft notes:
You may experience issues pairing, connecting or using certain Bluetooth devices after installing security updates released June 11, 2019. These security updates address a security vulnerability by intentionally preventing connections from Windows to unsecure Bluetooth devices.
A support page on the Microsoft Support website highlights the affected versions and updates:
* Windows 10: all versions.
* Windows 8.1
* Windows Server 2019
* Windows Server 2016
* Windows Server 2012 R2
* Windows Server 2012
* Windows Embedded 8 Standard
The CVE reveals that the issue affects Android devices only. It lists Android version 7.0 to Android 9 as potentially affected. Whether a device is affected depends on the manufacturer. If the manufacturer used a provided example Long Term Key, it is affected by the issue.
Quote:In the Bluetooth Low Energy (BLE) specification, there is a provided example Long Term Key (LTK). If a BLE device were to use this as a hardcoded LTK, it is theoretically possible for a proximate attacker to remotely inject keystrokes on a paired Android host due to improperly used crypto. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-128843052.