Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

New Bluetooth Vulnerabilities Could Expose Many Devices to Impersonation Attacks

Researchers working for a French government agency have identified seven new Bluetooth vulnerabilities that could expose many devices to impersonation and other types of attacks.

Researchers working for a French government agency have identified seven new Bluetooth vulnerabilities that could expose many devices to impersonation and other types of attacks.

The flaws, discovered by researchers at France’s national cybersecurity agency ANSSI, affect devices that support the Bluetooth Core and Mesh specifications, which define technical and policy requirements for devices operating over Bluetooth connections.

Malicious actors who are within Bluetooth range can exploit the weaknesses to impersonate legitimate devices, according to an advisory published on Monday by the CERT Coordination Center (CERT/CC) at Carnegie Mellon University.

Advisories for each flaw have also been published by the Bluetooth Special Interest Group (SIG), the organization that oversees the development of Bluetooth standards.

The vulnerabilities identified by ANSSI do not appear to be easy to exploit and most of them have mitigating factors, including related to the timing of the attack.

The list of organizations whose products have been confirmed to be affected — at least by some of the vulnerabilities — includes the Android Open Source Project (AOSP), Cisco, Cradlepoint, Intel, Microchip Technology and Red Hat. Two dozen vendors appear to have confirmed that their products are not impacted. There are also 200 other vendors whose products could be vulnerable, but they currently have an “unknown” status in CERT/CC’s advisory.

Impacted vendors appear to be working on patches. In the case of Android, the mobile operating system is affected by three of the vulnerabilities, but only two will be patched with upcoming updates — the third has a negligible security impact, according to AOSP.

The vendors that have confirmed the vulnerabilities said their products appear to be mostly impacted by CVE-2020-26555 and CVE-2020-26558, both of which have been described as impersonation issues.

Advertisement. Scroll to continue reading.

In the case of CVE-2020-26555, the Bluetooth SIG explained, “The attacker must be able to identify the [Bluetooth Device Address] of the vulnerable device before it can launch the attack, generally requiring the device to be discoverable. If successful, the attacker will be able to complete pairing with a known link key, encrypt communications with the vulnerable device, and access any profiles permitted by a paired or bonded remote device supporting Legacy Pairing.”

As for CVE-2020-26558, the organization explained that an attacker in range of two devices initiating Bluetooth pairing could authenticate one of the victim devices to their own device, but the attack does not allow for successful pairing between the devices, which prevents a fully transparent MitM attack.

The Bluetooth SIG has provided a series of recommendations for preventing exploitation of the vulnerabilities.

Related: Bluetooth Vulnerability Allows Attackers to Impersonate Previously Paired Devices

Related: BleedingTooth: Vulnerabilities in Linux Bluetooth Allow Zero-Click Attacks

Related: SweynTooth: Bluetooth Vulnerabilities Expose Many Devices to Attacks

Related: BLURtooth Vulnerability Can Allow Bluetooth MITM Attacks

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.

Vulnerabilities

The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.