7 New Bugs in Bluetooth Let Hackers Impersonate Legitimate Devices & Launch DDoS Attacks

https://gbhackers.com/7-new-bugs-in-bluetooth-let-hackers-impersonate-as-legitimate-device-launch-ddos-attacks/

Vulnerability: Bluetooth Mesh Profile AuthValue leakage.
Impacted specifications: Mesh Profile Spec, v1.0 to v1.0.1.
Notice: SIG Security Notice (https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/authvalue-leak/).

Researchers at the French National Agency for the Security of Information Systems (ANSSI) found the vulnerabilities and reported them to the Bluetooth Special Interest Group (Bluetooth SIG), the group that oversees the development of Bluetooth standards.

Affected vendors.

In total, 7 vulnerabilities were disclosed, including ones that affect device pairing and provisioning to join a mesh network.

Vulnerability: Impersonation in the BR/EDR pin-pairing procedure.
Affected specs: Core Spec, v1.0 B to 5.2.
Notification: SIG Security Notice (https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/impersonation-pin-pairing/).

The security experts have described these 2 specifications as vulnerable; they are listed below:

The cybersecurity researchers state that in Bluetooth Core Specification versions 4.0 to 5.2, the vulnerabilities are associated with LE Legacy Pairing authentication.

Vulnerability: Predictable AuthValue in Bluetooth Mesh Profile provisioning leads to MITM.
Impacted specs: Mesh Profile Spec, v1.0 to v1.0.1.
Notice: SIG Security Notice (https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/predicatable-authvalue/).

Vulnerability: Impersonation attack in Bluetooth Mesh Profile provisioning.
Affected specs: Mesh Profile Spec, v1.0 to v1.0.1.
Notice: SIG Security Notice (https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/impersonation-mesh/).

Here, an attacker who does not know the temporary key can still succeed in Phase 2 of legacy authentication by using the confirmation values and random numbers of the other device in LE legacy pairing.

List of vulnerabilities.

CVE-2020-26555.
CVE-2020-26558.

CVE ID: CVE-2020-26557.

Bluetooth is currently used in millions of devices, and the Carnegie Mellon CERT Coordination Center (CERT/CC) has recently reported 7 security flaws in Bluetooth that enable attackers to impersonate legitimate devices and launch DDoS attacks.

CVE ID: CVE-2020-26560.

Vulnerability: Malleable commitment in Bluetooth Mesh Profile provisioning.
Affected specs: Mesh Profile Spec, v1.0 to v1.0.1.
Notification: SIG Security Notice (https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/malleable/).

Core Specification 5.2.
Mesh Profile 1.0.1.

In these situations, if a man-in-the-middle attack is carried out, the attacker can quickly spoof the device.

Vulnerability: Impersonation in the Passkey entry procedure.
Affected specifications: Core Spec, v2.1 to 5.2.
Notice: SIG Security Notice (https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/passkey-entry/).

CVE ID: CVE-2020-26555.

Among the affected vendors, AOSP and Cisco are the first to respond and are currently working to distribute security updates that fix the following flaws:

CVE ID: CVE-2020-26559.

So far, the Carnegie Mellon CERT Coordination Center (CERT/CC) has identified the following affected vendors:

CVE ID: CVE-2020-26558.

Just after the discovery, the Bluetooth Special Interest Group (Bluetooth SIG) provided recommendations for each vulnerability affecting Core Specification 5.2 and Mesh Profile 1.0.1.

Red Hat.
Cisco.
Android Open Source Project (AOSP).
Cradlepoint.
Intel.
Microchip Technology.

Devices that support the Bluetooth core technology are vulnerable through the passkey entry protocol used in Secure Simple Pairing (SSP), Secure Connections (SC), and LE Secure Connections (LESC).

CERT/CC noted that other affected vendors, such as Intel, Red Hat, and Cradlepoint, have not yet issued any statements on this matter.

CVE ID: N/A.
Vulnerability: Authentication of the Bluetooth LE legacy-pairing procedure.
Impacted specifications: Core Spec, v4.0 to 5.2.
Notification: SIG Security Notice (https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/legacy-pairing/).

VU#799380: Devices supporting Bluetooth Core and Mesh Specifications are vulnerable to impersonation attacks and AuthValue disclosure https://t.co/qKx4Of6L9V — US-CERT (@USCERT_gov) May 24, 2021.

CVE ID: CVE-2020-26556.