Researchers have found numerous vulnerabilities in Bluetooth technology allowing man-in-the-middle (MiTM) attacks. Exploiting these bugs could specifically let an adversary spoof legit devices to trick target users.
Bluetooth Vulnerabilities Allowed Spoofing Devices
The Carnegie Mellon University (CMU) has recently shared an advisory highlighting some newly discovered Bluetooth security bugs. As revealed, these vulnerabilities affecting the Bluetooth technology could allow MiTM attacks.
In brief, the researchers from Agence nationale de la sécurité des systèmes d’information (ANSSI) found as much as six different vulnerabilities in Bluetooth. These bugs typically affected the Bluetooth Core Specification and Mesh Profile Specification.
These bugs include,
- CVE-2020-26558: impersonation attack flaw in Passkey Entry protocol. An attacker could determine the passkey required for pairing as a MiTM.
- CVE-2020-26555: impersonation attack flaw targeted the Bluetooth BR/EDR PIN Pairing procedure. An attacker within the wireless range of the target device could spoof the Bluetooth Device Address (BD_ADDR) of the victim device and pair without pin codes.
- CVE-2020-26560: vulnerability in the Bluetooth Mesh Provisioning procedure allowed an adversary within the wireless range of Mesh Provisioner to spoof a device being provisioned and use crafted responses to appear to possess the AuthValue.
- CVE-2020-26557: An attacker may brute force the AuthValue even offline for a future MiTM attack targeting the provisioning devices.
- CVE-2020-26556: identifying the AuthValue during provisioning could let an attacker secure a Netkey, thus making the Mesh authentication protocol vulnerable.
- CVE-2020-26559: vulnerability in Mesh Provisioning could allow a provisioned attacker to know the AuthValue.
Patches Being Deployed
Upon discovering the bugs, the researchers informed the relevant vendors, particularly the vulnerable ones, about the matter.
According to the advisory, vendors with vulnerable devices include Android Open Source Project, Cisco, Cradlepoint, Intel, Microchip Technology, RedHat, and Sierra Wireless. Whereas, some of the prominent vendors that remained unaffected include F5 Networks Inc., Check Point, McAfee, VMware, Zyxel, and more.
Besides, the advisory also lists a long list of vendors about whom the impact remains unknown.
As for the users, they should ensure downloading the latest updates from their vendors to receive the patches as and when released.
Let us know your thoughts in the comments.