BIAS enables attackers to exploit devices

May 25, 2021 08:19 GMT

The Bluetooth Core and Mesh Profile specifications may be exploited by cybercriminals to impersonate legitimate devices and perform man-in-the-middle (MitM) attacks.

According to the Carnegie Mellon CERT Coordination Center, "Devices supporting the Bluetooth Core and Mesh Specifications are vulnerable to impersonation attacks and AuthValue disclosure that could allow an attacker to impersonate a legitimate device during pairing".

The two Bluetooth specifications define the protocol for many-to-many Bluetooth communications and enable devices to share data over ad-hoc networks.

Bluetooth Impersonation AttackS, also called BIAS, allow a cybercriminal to establish a secure connection with a victim and effectively bypass Bluetooth's authentication mechanism.

According to the security researchers, the BIAS attacks are the first to uncover issues in Bluetooth's secure connection establishment and authentication procedures, adversarial role switches, and Secure Connections downgrades. They are stealthy, since establishing a secure Bluetooth link does not require any user interaction.

To confirm that BIAS attacks work in practice, the researchers tested them against 31 Bluetooth devices (28 distinct Bluetooth chips) from leading technology suppliers, including Apple, Qualcomm, Intel, Cypress, Broadcom, Samsung, and CSR, covering all the major Bluetooth versions.

There are also four separate flaws in Bluetooth Mesh Profile Specification versions 1.0 and 1.0.1.

The following is a rundown of the vulnerabilities:

CVE-2020-26555 - Impersonation in the Bluetooth legacy BR/EDR PIN-pairing protocol (Core Spec, v1.0B to 5.2)

CVE-2020-26558 - Impersonation in the Passkey entry protocol during Bluetooth LE and BR/EDR secure pairing (Core Spec, v2.1 to 5.2)

N/A - Authentication of the Bluetooth LE legacy pairing protocol (Core Specification 4.0 through 5.2)

CVE-2020-26556 - Malleable commitment in Bluetooth Mesh Profile provisioning (Mesh Profile Spec, v1.0 to v1.0.1)

CVE-2020-26557 - Predictable AuthValue in Bluetooth Mesh Profile provisioning (Mesh Profile Spec, v1.0 to v1.0.1)

CVE-2020-26559 - Bluetooth Mesh Profile AuthValue leak (Mesh Profile Spec, v1.0 to v1.0.1)

CVE-2020-26560 - Impersonation attack in Bluetooth Mesh Profile provisioning (Mesh Profile Spec, v1.0 to v1.0.1)

Amongst the listed vendors for products affected by these security defects are Android Open Source Project (AOSP), Cisco, Cradlepoint, Intel, Microchip Technology, and Red Hat. AOSP, Cisco, and Microchip Technology stated that they are working to mitigate the problems.

For each of the 6 flaws, the Bluetooth Special Interest Group (SIG) has issued a security notice recommending improvements to the Bluetooth standards. Bluetooth users are strongly advised to install the latest updates from device and operating system manufacturers as soon as they become available.