Bluetooth Flaws Allow Attackers to Impersonate Legitimate Devices
Attackers could abuse vulnerabilities discovered in the Bluetooth Core and Mesh Profile specifications to impersonate legitimate devices during the pairing process and launch man-in-the-middle (MitM) attacks.
The Bluetooth Core and Mesh Profile specifications define requirements needed by Bluetooth devices to communicate with each other and for Bluetooth devices using low energy wireless technology to enable interoperable mesh networking solutions.
Successfully exploiting the vulnerabilities found and reported by researchers at the Agence nationale de la sécurité des systèmes d’information (ANSSI), could enable the attackers to launch MitM attacks while within wireless range of vulnerable devices.
The Bluetooth Special Interest Group (Bluetooth SIG), the organization overseeing the development of Bluetooth standards, also issued security advisories earlier today, providing recommendations for each of the seven security flaws impacting the two vulnerable specs.
Detailed information on the discovered vulnerabilities, including the affected Bluetooth specs and links to Bluetooth SIG advisories and recommendations, is available in the table embedded below.
Also Read: The DNC Singapore: Looking at 2 Sides Better
| CVE ID | Vulnerability | Affected specs | Details |
| CVE-2020-26559 | Bluetooth Mesh Profile AuthValue leak | Mesh Profile Spec, v1.0 to v1.0.1 | SIG Security Notice |
| CVE-2020-26556 | Malleable commitment in Bluetooth Mesh Profile provisioning | Mesh Profile Spec, v1.0 to v1.0.1 | SIG Security Notice |
| CVE-2020-26557 | Predictable Authvalue in Bluetooth Mesh Profile provisioning leads to MITM | Mesh Profile Spec, v1.0 to v1.0.1 | SIG Security Notice |
| CVE-2020-26560 | Impersonation attack in Bluetooth Mesh Profile provisioning | Mesh Profile Spec, v1.0 to v1.0.1 | SIG Security Notice |
| CVE-2020-26555 | Impersonation in the BR/EDR pin-pairing protocol | Core Spec, v1.0B to 5.2 | SIG Security Notice |
| N/A | Authentication of the Bluetooth LE legacy-pairing protocol | Core Spec, v4.0 to 5.2 | SIG Security Notice |
| CVE-2020-26558 | Impersonation in the Passkey entry protocol | Core Spec, v2.1 to 5.2 | SIG Security Notice |
“The Bluetooth SIG is also broadly communicating details on this vulnerability and its remedies to our member companies and is encouraging them to rapidly integrate any necessary patches,” the organization said.
“As always, Bluetooth users should ensure they have installed the latest recommended updates from device and operating system manufacturers.”
Impacted vendors work on patching the flaws
The Android Open Source Project (AOSP), Cisco, Intel, Red Hat, Microchip Technology, and Cradlepoint are among the vendors identified so far with products impacted by these security flaws, according to the Carnegie Mellon CERT Coordination Center (CERT/CC).
AOSP is working on publishing security updates to address the CVE-2020-26555 and CVE-2020-26558 vulnerabilities affecting Android devices.
“Android has assessed this issue as High severity for Android OS and will be issuing a patch for this vulnerability in an upcoming Android security bulletin,” AOSP told CERT/CC.
Cisco is also working on patching the CVE-2020-26555 and CVE-2020-26558 issues impacting its products.
“Cisco is tracking these vulnerabilities via incident PSIRT-0503777710,” the company said.
Also Read: 4 Best Practices on How to Use SkillsFuture Credit
“Cisco has investigated the impact of the aforementioned Bluetooth Specification vulnerabilities and is currently waiting for all the individual product development teams to provide Software fixes to address them.”
Although affected by some of the flaws, Intel, Red Hat, and Cradlepoint did not provide statements to CERT/CC before the vulnerabilities were disclosed.
0 Comments