Security News > 2021 > May > New Bluetooth Vulnerabilities Could Expose Many Devices to Impersonation Attacks
Researchers working for a French government agency have identified seven new Bluetooth vulnerabilities that could expose many devices to impersonation and other types of attacks.
The flaws, discovered by researchers at France's national cybersecurity agency ANSSI, affect devices that support the Bluetooth Core and Mesh specifications, which define technical and policy requirements for devices operating over Bluetooth connections.
Malicious actors who are within Bluetooth range can exploit the weaknesses to impersonate legitimate devices, according to an advisory published on Monday by the CERT Coordination Center at Carnegie Mellon University.
Advisories for each flaw have also been published by the Bluetooth Special Interest Group, the organization that oversees the development of Bluetooth standards.
In the case of CVE-2020-26555, the Bluetooth SIG explained, "The attacker must be able to identify the of the vulnerable device before it can launch the attack, generally requiring the device to be discoverable. If successful, the attacker will be able to complete pairing with a known link key, encrypt communications with the vulnerable device, and access any profiles permitted by a paired or bonded remote device supporting Legacy Pairing."
As for CVE-2020-26558, the organization explained that an attacker in range of two devices initiating Bluetooth pairing could authenticate one of the victim devices to their own device, but the attack does not allow for successful pairing between the devices, which prevents a fully transparent MitM attack.
News URL
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-05-24 | CVE-2020-26558 | Improper Authentication vulnerability in multiple products Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. | 4.2 |
2021-05-24 | CVE-2020-26555 | Incorrect Authorization vulnerability in multiple products Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN. | 5.4 |