AUMA Bluetooth Fingerprinting Vulnerability in AC1.2 and PROFOX Products
Vulnerability
A vulnerability exists in AUMA Riester GmbH & Co. KG's AC1.2 and PROFOX products delivered between January 1, 2024, and May 9, 2025. These products were shipped with an active Bluetooth module, although the order specification called for Bluetooth to be deactivated. Because the module is active, an unauthenticated adjacent attacker can perform Bluetooth fingerprinting, potentially leading to unauthorized data collection or tracking of the device.
Impact
The active Bluetooth module can be exploited for fingerprinting attacks, allowing an attacker to collect and possibly misuse Bluetooth-related data from the affected device.
Remediation
The Bluetooth interface can be manually deactivated using standard procedures outlined in the product manuals. It is recommended to keep Bluetooth turned off during normal operation and only activate it when necessary, such as for configuration or diagnostic purposes.
