Bluetooth flaws allow attackers to impersonate legitimate devices

Attackers could abuse vulnerabilities discovered in the Bluetooth Core and Mesh Profile specifications to impersonate legitimate devices during the pairing process and launch man-in-the-middle (MitM) attacks.

The Bluetooth Core and Mesh Profile specifications define requirements needed by Bluetooth devices to communicate with each other and for Bluetooth devices using low energy wireless technology to enable interoperable mesh networking solutions.

Successfully exploiting the vulnerabilities found and reported by researchers at the Agence nationale de la sécurité des systèmes d’information (ANSSI), could enable the attackers to launch MitM attacks while within wireless range of vulnerable devices.

The Bluetooth Special Interest Group (Bluetooth SIG), the organization overseeing the development of Bluetooth standards, also issued security advisories earlier today, providing recommendations for each of the seven security flaws impacting the two vulnerable specs. 

Detailed information on the discovered vulnerabilities, including the affected Bluetooth specs and links to Bluetooth SIG advisories and recommendations, is available in the table embedded below.

CVE IDVulnerabilityAffected specsDetails
CVE-2020-26559Bluetooth Mesh Profile AuthValue leakMesh Profile Spec, v1.0 to v1.0.1SIG Security Notice
CVE-2020-26556Malleable commitment in Bluetooth Mesh Profile provisioningMesh Profile Spec, v1.0 to v1.0.1SIG Security Notice
CVE-2020-26557Predictable Authvalue in Bluetooth Mesh Profile provisioning leads to MITMMesh Profile Spec, v1.0 to v1.0.1SIG Security Notice
CVE-2020-26560Impersonation attack in Bluetooth Mesh Profile provisioningMesh Profile Spec, v1.0 to v1.0.1SIG Security Notice
CVE-2020-26555Impersonation in the BR/EDR pin-pairing protocolCore Spec, v1.0B to 5.2SIG Security Notice
N/AAuthentication of the Bluetooth LE legacy-pairing protocolCore Spec, v4.0 to 5.2SIG Security Notice
CVE-2020-26558Impersonation in the Passkey entry protocolCore Spec, v2.1 to 5.2SIG Security Notice

“The Bluetooth SIG is also broadly communicating details on this vulnerability and its remedies to our member companies and is encouraging them to rapidly integrate any necessary patches,” the organization said.

“As always, Bluetooth users should ensure they have installed the latest recommended updates from device and operating system manufacturers.”

Impacted vendors work on patching the flaws

The Android Open Source Project (AOSP), Cisco, Intel, Red Hat, Microchip Technology, and Cradlepoint are among the vendors identified so far with products impacted by these security flaws, according to the Carnegie Mellon CERT Coordination Center (CERT/CC).

AOSP is working on publishing security updates to address the CVE-2020-26555 and CVE-2020-26558 vulnerabilities affecting Android devices.

“Android has assessed this issue as High severity for Android OS and will be issuing a patch for this vulnerability in an upcoming Android security bulletin,” AOSP told CERT/CC.

Cisco is also working on patching the CVE-2020-26555 and CVE-2020-26558 issues impacting its products.

“Cisco is tracking these vulnerabilities via incident PSIRT-0503777710,” the company said.

“Cisco has investigated the impact of the aforementioned Bluetooth Specification vulnerabilities and is currently waiting for all the individual product development teams to provide Software fixes to address them.”

Although affected by some of the flaws, Intel, Red Hat, and Cradlepoint did not provide statements to CERT/CC before the vulnerabilities were disclosed.

NOTE:: This article is copyright by and we are using it for educational or Information purpose only

Best Cyber Security Products & Solutions