bthome-ble is vulnerable to Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')
40
Medium Risk
Affected versions of this package are vulnerable to a Downgrade Attack in the BTHome protocol due to insufficient encryption counter validation: the replay protection mechanism only activates when the received encryption_counter is 100 or more, leaving the first 100 button presses, and the 100 presses after a 32-bit counter overflow, unprotected. An attacker within BLE range can exploit this by capturing a legitimate encrypted advertisement during this vulnerable window and replaying it at any later time, even after the button's internal counter has advanced significantly. The receiver then accepts the older, lower counter and triggers the unauthorized action without detection.
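As an added illustration (not bthome-ble's own code), the following constructed Python models the counter check the advisory describes next to a check that is strict from the first packet; the function names, the ReplayGuard class and the sample counter sequences are assumptions.

```python
# Hypothetical model of the counter validation described in the advisory.
# This is NOT code from bthome-ble; it only reproduces the behaviour the
# advisory describes so the vulnerable window can be seen.
from dataclasses import dataclass, field
from typing import Callable, List, Optional

ACTIVATION_THRESHOLD = 100  # advisory: protection engages only at counter >= 100


def weak_accepts(last: Optional[int], received: int) -> bool:
    """Weak check as described: counters below the threshold are always
    accepted, so packets captured in that window can be replayed later."""
    if received < ACTIVATION_THRESHOLD:
        return True
    return last is None or received > last


def strict_accepts(last: Optional[int], received: int) -> bool:
    """Strictly monotonic check from the very first packet. Note: after a
    32-bit wrap this rejects everything until state is reset; how a receiver
    should resume after a legitimate wrap is a design choice not shown here."""
    return last is None or received > last


@dataclass
class ReplayGuard:
    """Tracks the last accepted counter and records rejected ones."""
    check: Callable[[Optional[int], int], bool]
    last: Optional[int] = None
    rejected: List[int] = field(default_factory=list)

    def process(self, received: int) -> bool:
        if self.check(self.last, received):
            self.last = received
            return True
        self.rejected.append(received)  # useful for detection/logging
        return False


def run(check: Callable[[Optional[int], int], bool], sequence: List[int]) -> List[bool]:
    """Feed a constructed sequence of received counters through one check."""
    guard = ReplayGuard(check)
    return [guard.process(c) for c in sequence]


# Constructed sequences: three early presses, the counter advancing to 5000,
# then a replay of the packet that carried counter 2 (EARLY_REPLAY), and a
# device that is already past the threshold with a replay of 150 (LATE_REPLAY).
EARLY_REPLAY = [1, 2, 3, 5000, 2]
LATE_REPLAY = [150, 151, 150]
```

Running `run(weak_accepts, EARLY_REPLAY)` accepts the replayed counter 2, while `run(strict_accepts, EARLY_REPLAY)` rejects it; both checks reject the replay in `LATE_REPLAY`.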
You are affected if you are using a version that falls within the vulnerable range.
bthome-ble is vulnerable to Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') in versions 0.3.0 - 3.15.0.
Upgrade the bthome-ble library to a patched version.