The Agence Nationale de la Sécurité des Systèmes d'Information (ANSSI) has disclosed reports for three vulnerabilities related to the Bluetooth® Core Specification to the Bluetooth SIG. Here is a short summary of these vulnerabilities:
Impersonation in the Passkey Entry Protocol: (CVE-2020-26558) (VU#799380.8 TLP:AMBER)
The Passkey Entry protocol used in Secure Simple Pairing (SSP), Secure Connections (SC) and LE Secure Connections (LESC) of the Bluetooth Core Specification is vulnerable to an impersonation attack where an active attacker can impersonate the initiating device without any previous knowledge of the passkey.
Impacted Specifications:
- BR/EDR Bluetooth Core Specification 2.1 through 5.2
- BR/EDR Secure Simple Pairing in Bluetooth Core Specifications 2.1 through 5.2
- BR/EDR Secure Connections Pairing in Bluetooth Core Specifications 4.1 through 5.2
- LE Bluetooth Core Specification 4.2 through 5.2
- LE Secure Connections Pairing in Bluetooth Core Specifications 4.2 through 5.2
Authentication of the LE Legacy Pairing Protocol: (VU#799380.5 TLP:AMBER)
The authentication property of the Bluetooth LE Legacy Pairing procedures is vulnerable to a reflection attack. A remote attacker without knowledge of the token key can complete the authentication protocol.
Impacted Specifications:
- LE Bluetooth Core Specification 4.0+
- LE Legacy Pairing authentication in Bluetooth Core Specification versions 4.0 through 5.2
Impersonation in the PIN Pairing Protocol: (CVE-2020-26555) (VU#799380.7 TLP:AMBER)
The Bluetooth BR/EDR PIN Pairing procedure is vulnerable to an impersonation attack. When an attacker connects to a victim device using the address of the device and the victim initiates a Pairing, the attacker can reflect the encrypted nonce even without knowledge of the key.
Impacted Specifications:
- Bluetooth Specific 1.0+
- BR/EDR pin-code pairing in Bluetooth Core Specification versions 1.0B through 5.2
We take security issues seriously, and we are currently working to mitigate the issues and provide solutions for our clients. We have determined that this vulnerability affects some of our networking products. This page will provide the latest insight and may be updated from time to time.