Vulnerabilities in Bluetooth specifications discovered

Sheila Zabeu -

June 01, 2021

Last week, vulnerabilities were disclosed in the Bluetooth specifications that could, for example, allow an attacker's device to pass itself off as a legitimate one during the pairing process and mount a man-in-the-middle (MitM) attack, in which the attacker intercepts the messages exchanged between the two victims and can alter them without either side noticing.

The specifications in question are Bluetooth Core and Mesh Profile, which define the technical and policy requirements for devices that wish to operate over Bluetooth connections. Researchers at the Agence Nationale de la Sécurité des Systèmes d’information (ANSSI) identified a number of weaknesses in these specifications that leave Bluetooth communication open to attack.

The Bluetooth Special Interest Group (Bluetooth SIG), which oversees the development of Bluetooth standards, has already issued security warnings with recommendations for each of the seven security flaws affecting the two specifications.

In addition, the CERT Coordination Center (CERT/CC) at Carnegie Mellon University, which studies security incident response and handling, named Android Open Source Project (AOSP), Cisco, Intel, Red Hat, Microchip Technology, and Cradlepoint as the vendors identified so far with products affected by these flaws. Some vendors have already responded to the vulnerabilities: the Android Open Source Project has classified one of them (CVE-2020-26555, impersonation in the BR/EDR PIN-code pairing protocol) as high severity and said it will release a patch in an upcoming Android security bulletin.

Why does it matter? Bluetooth devices are at the heart of the evolution of smart devices. Their use is spreading rapidly in sensitive applications such as wearable devices used in healthcare, location-based services, and connected commercial lighting.

And of course, as a wireless data transfer standard, Bluetooth has some associated cybersecurity risks. The most commonly cited are BlueSmacking (a way to perform a denial-of-service attack against a Bluetooth-enabled device), BlueJacking (pushing unsolicited messages to a nearby device), BlueSnarfing (pulling data such as contacts or messages from a device without authorization), and BlueBugging (taking control of a device in order to send or steal data).