Home Cyber Security News Multiple Bluetooth Vulnerabilities Allowed Spoofing Legit Devices – Update Now

Multiple Bluetooth Vulnerabilities Allowed Spoofing Legit Devices – Update Now

by Abeerah Hashim
bluetooth vulnerabilities

Researchers have found numerous vulnerabilities in Bluetooth technology allowing man-in-the-middle (MiTM) attacks. Exploiting these bugs could specifically let an adversary spoof legit devices to trick target users.

Bluetooth Vulnerabilities Allowed Spoofing Devices

The Carnegie Mellon University (CMU) has recently shared an advisory highlighting some newly discovered Bluetooth security bugs. As revealed, these vulnerabilities affecting the Bluetooth technology could allow MiTM attacks.

In brief, the researchers from Agence nationale de la sécurité des systèmes d’information (ANSSI) found as much as six different vulnerabilities in Bluetooth. These bugs typically affected the Bluetooth Core Specification and Mesh Profile Specification.

These bugs include,

  • CVE-2020-26558: impersonation attack flaw in Passkey Entry protocol. An attacker could determine the passkey required for pairing as a MiTM.
  • CVE-2020-26555: impersonation attack flaw targeted the Bluetooth BR/EDR PIN Pairing procedure. An attacker within the wireless range of the target device could spoof the Bluetooth Device Address (BD_ADDR) of the victim device and pair without pin codes.
  • CVE-2020-26560: vulnerability in the Bluetooth Mesh Provisioning procedure allowed an adversary within the wireless range of Mesh Provisioner to spoof a device being provisioned and use crafted responses to appear to possess the AuthValue.
  • CVE-2020-26557: An attacker may brute force the AuthValue even offline for a future MiTM attack targeting the provisioning devices.
  • CVE-2020-26556: identifying the AuthValue during provisioning could let an attacker secure a Netkey, thus making the Mesh authentication protocol vulnerable.
  • CVE-2020-26559: vulnerability in Mesh Provisioning could allow a provisioned attacker to know the AuthValue.

Patches Being Deployed

Upon discovering the bugs, the researchers informed the relevant vendors, particularly the vulnerable ones, about the matter.

According to the advisory, vendors with vulnerable devices include Android Open Source Project, Cisco, Cradlepoint, Intel, Microchip Technology, RedHat, and Sierra Wireless. Whereas, some of the prominent vendors that remained unaffected include F5 Networks Inc., Check Point, McAfee, VMware, Zyxel, and more.

Besides, the advisory also lists a long list of vendors about whom the impact remains unknown.

As for the users, they should ensure downloading the latest updates from their vendors to receive the patches as and when released.

Let us know your thoughts in the comments.

You may also like

Latest Hacking News

Privacy Preference Center


The __cfduid cookie is used to identify individual clients behind a shared IP address and apply security settings on a per-client basis.

cookie_notice_accepted and gdpr[allowed_cookies] are used to identify the choices made from the user regarding cookie consent.

For example, if a visitor is in a coffee shop where there may be several infected machines, but the specific visitor's machine is trusted (for example, because they completed a challenge within your Challenge Passage period), the cookie allows Cloudflare to identify that client and not challenge them again. It does not correspond to any user ID in your web application, and does not store any personally identifiable information.

__cfduid, cookie_notice_accepted, gdpr[allowed_cookies]


DoubleClick by Google refers to the DoubleClick Digital Marketing platform which is a separate division within Google. This is Google’s most advanced advertising tools set, which includes five interconnected platform components.

DoubleClick Campaign Manager: the ad-serving platform, called an Ad Server, that delivers ads to your customers and measures all online advertising, even across screens and channels.

DoubleClick Bid Manager – the programmatic bidding platform for bidding on high-quality ad inventory from more than 47 ad marketplaces including Google Display Network.

DoubleClick Ad Exchange: the world’s largest ad marketplace for purchasing display, video, mobile, Search and even Facebook inventory.

DoubleClick Search: is more powerful than AdWords and used for purchasing search ads across Google, Yahoo, and Bing.

DoubleClick Creative Solutions: for designing, delivering and measuring rich media (video) ads, interactive and expandable ads.



The _ga is asssociated with Google Universal Analytics - which is a significant update to Google's more commonly used analytics service. This cookie is used to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in each page request in a site and used to calculate visitor, session and campaign data for the sites analytics reports. By default it is set to expire after 2 years, although this is customisable by website owners.

The _gat global object is used to create and retrieve tracker objects, from which all other methods are invoked. Therefore the methods in this list should be run only off a tracker object created using the _gat global variable. All other methods should be called using the _gaq global object for asynchronous tracking.

_gid works as a user navigates between web pages, they can use the gtag.js tagging library to record information about the page the user has seen (for example, the page's URL) in Google Analytics. The gtag.js tagging library uses HTTP Cookies to "remember" the user's previous interactions with the web pages.

_ga, _gat, _gid