Security Experts:

Connect with us

Hi, what are you looking for?



New Bluetooth Vulnerabilities Could Expose Many Devices to Impersonation Attacks

Researchers working for a French government agency have identified seven new Bluetooth vulnerabilities that could expose many devices to impersonation and other types of attacks.

Researchers working for a French government agency have identified seven new Bluetooth vulnerabilities that could expose many devices to impersonation and other types of attacks.

The flaws, discovered by researchers at France’s national cybersecurity agency ANSSI, affect devices that support the Bluetooth Core and Mesh specifications, which define technical and policy requirements for devices operating over Bluetooth connections.

Malicious actors who are within Bluetooth range can exploit the weaknesses to impersonate legitimate devices, according to an advisory published on Monday by the CERT Coordination Center (CERT/CC) at Carnegie Mellon University.

Advisories for each flaw have also been published by the Bluetooth Special Interest Group (SIG), the organization that oversees the development of Bluetooth standards.

The vulnerabilities identified by ANSSI do not appear to be easy to exploit and most of them have mitigating factors, including related to the timing of the attack.

The list of organizations whose products have been confirmed to be affected — at least by some of the vulnerabilities — includes the Android Open Source Project (AOSP), Cisco, Cradlepoint, Intel, Microchip Technology and Red Hat. Two dozen vendors appear to have confirmed that their products are not impacted. There are also 200 other vendors whose products could be vulnerable, but they currently have an “unknown” status in CERT/CC’s advisory.

Impacted vendors appear to be working on patches. In the case of Android, the mobile operating system is affected by three of the vulnerabilities, but only two will be patched with upcoming updates — the third has a negligible security impact, according to AOSP.

The vendors that have confirmed the vulnerabilities said their products appear to be mostly impacted by CVE-2020-26555 and CVE-2020-26558, both of which have been described as impersonation issues.

In the case of CVE-2020-26555, the Bluetooth SIG explained, “The attacker must be able to identify the [Bluetooth Device Address] of the vulnerable device before it can launch the attack, generally requiring the device to be discoverable. If successful, the attacker will be able to complete pairing with a known link key, encrypt communications with the vulnerable device, and access any profiles permitted by a paired or bonded remote device supporting Legacy Pairing.”

As for CVE-2020-26558, the organization explained that an attacker in range of two devices initiating Bluetooth pairing could authenticate one of the victim devices to their own device, but the attack does not allow for successful pairing between the devices, which prevents a fully transparent MitM attack.

The Bluetooth SIG has provided a series of recommendations for preventing exploitation of the vulnerabilities.

Related: Bluetooth Vulnerability Allows Attackers to Impersonate Previously Paired Devices

Related: BleedingTooth: Vulnerabilities in Linux Bluetooth Allow Zero-Click Attacks

Related: SweynTooth: Bluetooth Vulnerabilities Expose Many Devices to Attacks

Related: BLURtooth Vulnerability Can Allow Bluetooth MITM Attacks

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...