Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

New Bluetooth Vulnerabilities Could Expose Many Devices to Impersonation Attacks

Researchers working for a French government agency have identified seven new Bluetooth vulnerabilities that could expose many devices to impersonation and other types of attacks.

Researchers working for a French government agency have identified seven new Bluetooth vulnerabilities that could expose many devices to impersonation and other types of attacks.

The flaws, discovered by researchers at France’s national cybersecurity agency ANSSI, affect devices that support the Bluetooth Core and Mesh specifications, which define technical and policy requirements for devices operating over Bluetooth connections.

Malicious actors who are within Bluetooth range can exploit the weaknesses to impersonate legitimate devices, according to an advisory published on Monday by the CERT Coordination Center (CERT/CC) at Carnegie Mellon University.

Advisories for each flaw have also been published by the Bluetooth Special Interest Group (SIG), the organization that oversees the development of Bluetooth standards.

The vulnerabilities identified by ANSSI do not appear to be easy to exploit and most of them have mitigating factors, including related to the timing of the attack.

The list of organizations whose products have been confirmed to be affected — at least by some of the vulnerabilities — includes the Android Open Source Project (AOSP), Cisco, Cradlepoint, Intel, Microchip Technology and Red Hat. Two dozen vendors appear to have confirmed that their products are not impacted. There are also 200 other vendors whose products could be vulnerable, but they currently have an “unknown” status in CERT/CC’s advisory.

Impacted vendors appear to be working on patches. In the case of Android, the mobile operating system is affected by three of the vulnerabilities, but only two will be patched with upcoming updates — the third has a negligible security impact, according to AOSP.

The vendors that have confirmed the vulnerabilities said their products appear to be mostly impacted by CVE-2020-26555 and CVE-2020-26558, both of which have been described as impersonation issues.

In the case of CVE-2020-26555, the Bluetooth SIG explained, “The attacker must be able to identify the [Bluetooth Device Address] of the vulnerable device before it can launch the attack, generally requiring the device to be discoverable. If successful, the attacker will be able to complete pairing with a known link key, encrypt communications with the vulnerable device, and access any profiles permitted by a paired or bonded remote device supporting Legacy Pairing.”

As for CVE-2020-26558, the organization explained that an attacker in range of two devices initiating Bluetooth pairing could authenticate one of the victim devices to their own device, but the attack does not allow for successful pairing between the devices, which prevents a fully transparent MitM attack.

The Bluetooth SIG has provided a series of recommendations for preventing exploitation of the vulnerabilities.

Related: Bluetooth Vulnerability Allows Attackers to Impersonate Previously Paired Devices

Related: BleedingTooth: Vulnerabilities in Linux Bluetooth Allow Zero-Click Attacks

Related: SweynTooth: Bluetooth Vulnerabilities Expose Many Devices to Attacks

Related: BLURtooth Vulnerability Can Allow Bluetooth MITM Attacks

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

ICS/OT

Otorio has released a free tool that organizations can use to detect and address issues related to DCOM authentication.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Email Security

Microsoft is urging customers to install the latest Exchange Server updates and harden their environments to prevent malicious attacks.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.