Site icon The Cybersecurity Daily News

Bluetooth Core and Mesh Profile Found with Critical Vulnerabilities

Bluetooth Core and Mesh

CyberDaily: Cybersecurity news

In the latest security development, researchers have newly detected several vulnerabilities in the Bluetooth Core and Mesh services that can facilities malicious entities with the ability to seize a pairing request and deploy MitM i.e Man-in-the-middle attacks.

Critical Bluetooth Core and Mesh vulnerabilities:

To the unaware, a man-in-the-middle (MitM) attack is when an attacker intercepts communications between two parties either to secretly eavesdrop or modify traffic traveling between the two. 

Security researchers at the French National Agency for the Security of Information Systems (ANSSI) have detected these vulnerabilities in the Bluetooth services.

According to ANSSI, these security holes are persistent in the Bluetooth Core and Mesh Profile specifications.

Also read,

These specifications determine requirements needed by Bluetooth devices to communicate with each other and for devices using low energy wireless technology to enable interoperable mesh networking solutions.

Successful exploitation of these vulnerabilities can lead to threat actors establishing a secure connection with a victim, without having to know and authenticate the long-term key shared between the victims, thus effectively bypassing Bluetooth’s authentication mechanism.

The Bluetooth SIG i.e. Special Interest Group has also issued security advisories regarding the security vulnerabilities.

List of Bluetooth Core and Mesh bugs:

The following list describes the vulnerabilities and their details regarding the security flaws in Bluetooth services.

According to CERT Coordination Center, vendors like Android Open Source Project (AOSP), Cisco, Intel, Red Hat, Microchip Technology, and Cradlepoint have products affected due to the Bluetooth and Mesh vulnerabilities.

Exit mobile version