Colin Mc Hugo
Security Engineer Manager & CEO at Quantum Infinite Solutions Group Ltd.

New Bluetooth Flaws Let Attackers Impersonate Legitimate Devices

May 25, 2021

Adversaries could exploit newly discovered security vulnerabilities in the Bluetooth Core and Mesh Profile Specifications to masquerade as legitimate devices and carry out man-in-the-middle (MitM) attacks.

“Devices supporting the Bluetooth Core and Mesh Specifications are vulnerable to impersonation attacks and AuthValue disclosure that could allow an attacker to impersonate a legitimate device during pairing,” the Carnegie Mellon CERT Coordination Center said in an advisory published Monday.

The two Bluetooth specifications define the standard that allows for many-to-many communication over the short-range wireless technology to facilitate data transfer between devices in an ad-hoc network.


The Bluetooth Impersonation AttackS, aka BIAS, enable a malicious actor to establish a secure connection with a victim without having to know and authenticate the long-term key shared between the victims, thus effectively bypassing Bluetooth’s authentication mechanism.

“The BIAS attacks are the first uncovering issues related to Bluetooth’s secure connection establishment authentication procedures, adversarial role switches, and Secure Connections downgrades,” the researchers said. “The BIAS attacks are stealthy, as Bluetooth secure connection establishment does not require user interaction.”

“To confirm that the BIAS attacks are practical, we successfully conduct them against 31 Bluetooth devices (28 unique Bluetooth chips) from major hardware and software vendors, implementing all the major Bluetooth versions, including Apple, Qualcomm, Intel, Cypress, Broadcom, Samsung, and CSR.”

In addition, four separate flaws have been uncovered in Bluetooth Mesh Profile Specification versions 1.0 and 1.0.1. A summary of the flaws is as follows –

  • CVE-2020-26555 – Impersonation in the Bluetooth legacy BR/EDR PIN-pairing protocol (Core Specification 1.0B through 5.2)
  • CVE-2020-26558 – Impersonation in the Passkey Entry protocol during Bluetooth LE and BR/EDR secure pairing (Core Specification 2.1 through 5.2)
  • N/A – Authentication of the Bluetooth LE legacy pairing protocol (Core Specification 4.0 through 5.2)
  • CVE-2020-26556 – Malleable commitment in Bluetooth Mesh Profile provisioning (Mesh Profile 1.0 and 1.0.1)
  • CVE-2020-26557 – Predictable AuthValue in Bluetooth Mesh Profile provisioning (Mesh Profile 1.0 and 1.0.1)
  • CVE-2020-26559 – Bluetooth Mesh Profile AuthValue leak (Mesh Profile 1.0 and 1.0.1)
  • CVE-2020-26560 – Impersonation attack in Bluetooth Mesh Profile provisioning (Mesh Profile 1.0 and 1.0.1)

“Our attacks work even when the victims are using Bluetooth’s strongest security modes, e.g., SSP and Secure Connections. Our attacks target the standardized Bluetooth authentication procedure, and are therefore effective against any standard-compliant Bluetooth device,” the researchers said.

The Android Open Source Project (AOSP), Cisco, Cradlepoint, Intel, Microchip Technology, and Red Hat are among the identified vendors with products impacted by these security flaws. AOSP, Cisco, and Microchip Technology said they are currently working to mitigate the issues.

The Bluetooth Special Interest Group (SIG), the organization that oversees the development of Bluetooth standards, has also issued security notices for each of the six flaws. Bluetooth users are advised to install the latest recommended updates from device and operating system manufacturers as and when they are available.
