A newly discovered Bluetooth vulnerability, CVE-2020-26558, presents a major security threat to devices using various Bluetooth Core Specifications. The issue, termed “Impersonation in the Passkey Entry Protocol,” affects devices employing the Passkey Entry association model in BR/EDR Secure Simple Pairing, Secure Connections Pairing, and LE Secure Connections Pairing.
Vulnerability Breakdown
The flaw impacts Bluetooth Core Specifications from versions 2.1 to 5.4 for BR/EDR and from versions 4.2 to 5.4 for LE Secure Connections. It allows a man-in-the-middle (MITM) attacker to interfere with the pairing process by sending a public key whose X coordinate matches that of the peer device. Through manipulated responses, the attacker can determine the passkey used in the session, enabling them to perform an authenticated pairing with both devices involved.
For the attack to work, the attacker must be within wireless range of two vulnerable devices during the pairing or bonding process. The attack applies where the Passkey pairing method is selected via a BR/EDR or LE IO Capabilities exchange.
Mitigation and Recommendations
Bluetooth Core Specification 5.4 recommends failing the pairing if a peer’s public key X coordinate matches the local device’s, unless a debug key is used. This safeguard becomes mandatory in version 6.0. To counter this vulnerability, manufacturers and developers are urged to update devices to follow these specifications. Implementing these security measures can prevent MITM attacks and bolster overall protection.
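The check recommended above, written as an added example in C (not code from the specification or from any Bluetooth stack). The struct layout, the function names, the `local_uses_debug_key` flag and the sample byte patterns are assumptions made for illustration; the contrast function shows why the comparison is on the X coordinate alone rather than on the whole key.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define P256_COORD_LEN 32

/* Public key as X and Y coordinates (layout assumed for this example). */
struct p256_pubkey {
    uint8_t x[P256_COORD_LEN];
    uint8_t y[P256_COORD_LEN];
};

enum pk_verdict { PK_ACCEPT = 0, PK_REJECT_SAME_X = 1 };

/* Weaker comparison, shown for contrast: it only matches when X and Y are
 * both identical, so a key reusing our X with another Y is not flagged. */
bool same_full_key(const struct p256_pubkey *a, const struct p256_pubkey *b)
{
    return memcmp(a->x, b->x, P256_COORD_LEN) == 0 &&
           memcmp(a->y, b->y, P256_COORD_LEN) == 0;
}

/* Fail the pairing when the peer's X coordinate equals the local one,
 * unless the local device is pairing with the debug key (flag is a
 * hypothetical input supplied by the caller). */
enum pk_verdict check_peer_pubkey(const struct p256_pubkey *local,
                                  const struct p256_pubkey *peer,
                                  bool local_uses_debug_key)
{
    if (local_uses_debug_key)
        return PK_ACCEPT;
    if (memcmp(local->x, peer->x, P256_COORD_LEN) == 0)
        return PK_REJECT_SAME_X;
    return PK_ACCEPT;
}

/* Constructed sample data: repeated bytes, not real curve points. */
void fill_key(struct p256_pubkey *k, uint8_t xb, uint8_t yb)
{
    memset(k->x, xb, P256_COORD_LEN);
    memset(k->y, yb, P256_COORD_LEN);
}

int main(void)
{
    struct p256_pubkey local, same_x;
    fill_key(&local, 0x11, 0x22);
    fill_key(&same_x, 0x11, 0x55);  /* same X, different Y */
    return (!same_full_key(&local, &same_x) &&
            check_peer_pubkey(&local, &same_x, false) == PK_REJECT_SAME_X) ? 0 : 1;
}
```

In a real stack this check belongs at the point where the peer's public key is received, before any passkey confirmation values are exchanged.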
The Bluetooth Special Interest Group (SIG) stresses the importance of updating devices to comply with the latest security protocols, urging users to install available patches to secure their Bluetooth communications. As Bluetooth technology advances, maintaining strong security practices is key to safeguarding personal data and secure wireless communication.