Security News > 2021 > May > Bluetooth flaws allow attackers to impersonate legitimate devices

Bluetooth flaws allow attackers to impersonate legitimate devices
2021-05-24 18:43

Attackers could abuse vulnerabilities discovered in the Bluetooth Core and Mesh Profile specifications to impersonate legitimate devices during the pairing process and launch man-in-the-middle attacks.

The Bluetooth Core and Mesh Profile specifications define requirements needed by Bluetooth devices to communicate with each other and for Bluetooth devices using low energy wireless technology to enable interoperable mesh networking solutions.

Successfully exploiting the vulnerabilities found and reported by researchers at the Agence nationale de la sécurité des systèmes d'information, could enable the attackers to launch MitM attacks while within wireless range of vulnerable devices.

The Bluetooth Special Interest Group, the organization overseeing the development of Bluetooth standards, also issued security advisories earlier today, providing recommendations for each of the seven security flaws impacting the two vulnerable specs.

Detailed information on the discovered vulnerabilities, including the affected Bluetooth specs and links to Bluetooth SIG advisories and recommendations, is available in the table embedded below.

VU#799380: Devices supporting Bluetooth Core and Mesh Specifications are vulnerable to impersonation attacks and AuthValue disclosure https://t.


News URL

https://www.bleepingcomputer.com/news/security/bluetooth-flaws-allow-attackers-to-impersonate-legitimate-devices/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Bluetooth 4 0 9 7 0 16