Impact
Settings is used to store security related information for bluetooth (e.g. bluetooth mesh keys, ...), this information is stored unencrypted.
Settings can use multiple backends to store this information: nvs, fcb, littlefs.
MCUmgr allows image management, device management and also file management. The file management can be used to copy files from a device. This file management is at the moment limited to littlefs.
Problem description
When settings is used in combination with littlefs all security related information can be extracted from the device using MCUmgr and this could be used e.g in bt-mesh to get the device key, network key, app keys from the device.
Proposed change
There are multiple ways to remove this security issue:
- Do not allow littlefs as a backend for security related settings.
- Encrypt the settings file so it cannot be used.
- Replace settings with another mechanism to store security related information.
- Remove file management from MCUmgr.
Patches
This has been fixed in:
Workaround
The fix for this issue edits the description of the MCUMGR_CMD_FS_MGMT feature to indicate that it is insecure, and adds a check to the hardened configuration to indicate this configuration should not be used. This issue can be addressed, without applying patches, by ensuring that this configuration option is disabled.
For more information
If you have any questions or comments about this advisory:
embargo: 2020-06-25
zepsec: ZEPSEC-57
initial-report: #22340
Laczen Analyst
Impact
Settings is used to store security related information for bluetooth (e.g. bluetooth mesh keys, ...), this information is stored unencrypted.
Settings can use multiple backends to store this information: nvs, fcb, littlefs.
MCUmgr allows image management, device management and also file management. The file management can be used to copy files from a device. This file management is at the moment limited to littlefs.
Problem description
When settings is used in combination with littlefs all security related information can be extracted from the device using MCUmgr and this could be used e.g in bt-mesh to get the device key, network key, app keys from the device.
Proposed change
There are multiple ways to remove this security issue:
Patches
This has been fixed in:
Workaround
The fix for this issue edits the description of the
MCUMGR_CMD_FS_MGMTfeature to indicate that it is insecure, and adds a check to the hardened configuration to indicate this configuration should not be used. This issue can be addressed, without applying patches, by ensuring that this configuration option is disabled.For more information
If you have any questions or comments about this advisory:
embargo: 2020-06-25
zepsec: ZEPSEC-57
initial-report: #22340