Experts from the National Agency for Information Systems Security (ANSSI) have discovered a new attack on Bluetooth that allows impersonating another device.
The researchers found flaws in the Bluetooth Core and Mesh Profile specifications that allow an attacker to impersonate a legitimate device during pairing and to mount man-in-the-middle attacks (while within range of the wireless network, of course).
Specialists from the Bluetooth Special Interest Group (Bluetooth SIG) have already published a detailed description of all seven discovered bugs, along with recommendations for fixing them.
According to CERT/CC, Android Open Source Project (AOSP), Cisco, Intel, Red Hat, Microchip Technology and Cradlepoint products are vulnerable to at least some of these problems. About a dozen more manufacturers have confirmed that their products are not affected, and the products of about 200 other vendors may be vulnerable, but their exact status is still unknown.
It is reported that the AOSP developers are already working on fixes for the vulnerabilities CVE-2020-26555 and CVE-2020-26558 affecting Android devices. The patches should be included in the next Android security bulletin.
Cisco is also working to resolve issues CVE-2020-26555 and CVE-2020-26558 affecting its products. The company tracks these vulnerabilities as PSIRT-0503777710.
As for CVE-2020-26558, the attacker must be within range of two paired Bluetooth devices and authenticate one of them against his own device.
The Bluetooth SIG recommends that potentially vulnerable implementations restrict authentication and not accept random and acknowledgment numbers from a remote peer that match the values selected by the local device.
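The check the SIG recommends, as an added illustration that is not code from the article or from the Bluetooth SIG: the local side of a pairing round keeps its own random (nonce) and confirm values and refuses a peer whose values merely mirror them. The `make_confirm` function below is a constructed HMAC stand-in for the specification's confirm calculation (not the real Bluetooth function), and `PairingValues`, `check_not_reflected`, `verify_peer_confirm` and `run_round` are hypothetical names chosen for this example. It also shows why the explicit equality check matters: when a peer reflects every value, the ordinary confirm verification alone still passes.

```python
import hmac
import hashlib
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class PairingValues:
    """Values one side contributes in a pairing round (hypothetical model)."""
    random: bytes    # nonce chosen by that side
    confirm: bytes   # commitment to the nonce, plus the side's key material


class PairingRejected(ValueError):
    """Raised when the peer's values fail a local check."""


def make_confirm(random: bytes, public_key: bytes, passkey_bit: int) -> bytes:
    # Constructed commitment function: HMAC-SHA256 truncated to 128 bits.
    # A stand-in for the Bluetooth confirm calculation, not the real one,
    # so the example runs offline without a Bluetooth stack.
    return hmac.new(random, public_key + bytes([passkey_bit]), hashlib.sha256).digest()[:16]


def check_not_reflected(local: PairingValues, peer: PairingValues) -> None:
    """Refuse peer values that simply mirror the local device's own values."""
    if hmac.compare_digest(peer.random, local.random):
        raise PairingRejected("peer random equals local random")
    if hmac.compare_digest(peer.confirm, local.confirm):
        raise PairingRejected("peer confirm equals local confirm")


def verify_peer_confirm(peer: PairingValues, peer_public_key: bytes, passkey_bit: int) -> None:
    """Recompute the peer's commitment from its revealed random and compare."""
    expected = make_confirm(peer.random, peer_public_key, passkey_bit)
    if not hmac.compare_digest(expected, peer.confirm):
        raise PairingRejected("peer confirm does not match its random")


def run_round(local_public_key: bytes, peer_public_key: bytes,
              passkey_bit: int, peer_reflects: bool) -> bool:
    """Simulate one passkey-bit round as seen by the local device.

    Returns True if the peer is accepted, False if rejected. The peer either
    chooses its own nonce (honest) or echoes the local device's values back.
    """
    local_random = secrets.token_bytes(16)
    local = PairingValues(local_random, make_confirm(local_random, local_public_key, passkey_bit))

    if peer_reflects:
        peer = PairingValues(local.random, local.confirm)
    else:
        peer_random = secrets.token_bytes(16)
        peer = PairingValues(peer_random, make_confirm(peer_random, peer_public_key, passkey_bit))

    try:
        check_not_reflected(local, peer)   # the SIG-recommended rejection
        verify_peer_confirm(peer, peer_public_key, passkey_bit)
    except PairingRejected:
        return False
    return True


if __name__ == "__main__":
    pk_a, pk_b = b"A" * 32, b"B" * 32   # constructed placeholder public keys
    print("honest peer accepted:", run_round(pk_a, pk_b, 1, peer_reflects=False))
    print("reflecting peer accepted:", run_round(pk_a, pk_b, 1, peer_reflects=True))
```

The third scenario worth trying is a peer that reflects the public key as well as the random and confirm values: `verify_peer_confirm` then succeeds on its own, and only `check_not_reflected` turns the round down, which is exactly the gap the SIG guidance closes.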
Let me remind you that I previously reported that Google and Intel experts warned of dangerous Bluetooth bugs in Linux.