In the latest security development, researchers have newly detected several vulnerabilities in the Bluetooth Core and Mesh services that can facilities malicious entities with the ability to seize a pairing request and deploy MitM i.e Man-in-the-middle attacks.
Critical Bluetooth Core and Mesh vulnerabilities:
To the unaware, a man-in-the-middle (MitM) attack is when an attacker intercepts communications between two parties either to secretly eavesdrop or modify traffic traveling between the two.
Security researchers at the French National Agency for the Security of Information Systems (ANSSI) have detected these vulnerabilities in the Bluetooth services.
According to ANSSI, these security holes are persistent in the Bluetooth Core and Mesh Profile specifications.
These specifications determine requirements needed by Bluetooth devices to communicate with each other and for devices using low energy wireless technology to enable interoperable mesh networking solutions.
Successful exploitation of these vulnerabilities can lead to threat actors establishing a secure connection with a victim, without having to know and authenticate the long-term key shared between the victims, thus effectively bypassing Bluetooth’s authentication mechanism.
The Bluetooth SIG i.e. Special Interest Group has also issued security advisories regarding the security vulnerabilities.
List of Bluetooth Core and Mesh bugs:
The following list describes the vulnerabilities and their details regarding the security flaws in Bluetooth services.
- CVE-2020-26555 – Impersonation in Bluetooth legacy BR/EDR pin-pairing protocol (Core Specification 1.0B through 5.2)
- CVE-2020-26558 – Impersonation in the Passkey entry protocol during Bluetooth LE and BR/EDR secure pairing (Core Specification 2.1 through 5.2)
- N/A – Authentication of the Bluetooth LE legacy pairing protocol (Core Specification 4.0 through 5.2)
- CVE-2020-26556 – Malleable commitment in Bluetooth Mesh Profile provisioning (Mesh profile 1.0 and 1.0.1)
- CVE-2020-26557 – Predictable AuthValue in Bluetooth Mesh Profile provisioning (Mesh profile 1.0 and 1.0.1)
- CVE-2020-26559 – Bluetooth Mesh Profile AuthValue leak (Mesh profile 1.0 and 1.0.1)
- CVE-2020-26560 – Impersonation attack in Bluetooth Mesh Profile provisioning (Mesh profile 1.0 and 1.0.1)
According to CERT Coordination Center, vendors like Android Open Source Project (AOSP), Cisco, Intel, Red Hat, Microchip Technology, and Cradlepoint have products affected due to the Bluetooth and Mesh vulnerabilities.