Sunday, March 30, 2025
HomeBluetoothNew Bluetooth Vulnerability Leak, Your Passcode to Hackers During Pairing

New Bluetooth Vulnerability Leak, Your Passcode to Hackers During Pairing

Published on

SIEM as a Service

Follow Us on Google News

A recently discovered vulnerability in Bluetooth technology has raised significant security concerns.

This flaw could allow hackers to intercept passcodes during the device pairing process, affecting a wide range of Bluetooth devices and potentially having far-reaching implications for users worldwide.

The Vulnerability: CVE-2020-26558

The vulnerability, CVE-2020-26558, is found in devices supporting the Passkey Entry association model in various Bluetooth Core Specifications, ranging from version 2.1 to 5.4. It affects BR/EDR Secure Simple Pairing and LE Secure Connections Pairing protocols.

The flaw arises when a device accepts a public key from a remote peer with the same X coordinate as the public key it provided but with an opposite sign for the Y coordinate. 

Analyse Any Suspicious Links Using ANY.RUN’s New Safe Browsing Tool: Try It for Free

This oversight allows a man-in-the-middle (MITM) attacker to exploit the pairing process. Responding with a crafted public key, an attacker can determine the passkey used during the pairing session.

This enables them to complete an authenticated pairing procedure with both the initiating and responding devices.

How the Attack Works

For this attack to succeed, the malicious device must be within the wireless range of two vulnerable Bluetooth devices during their pairing or bonding process.

The attack explicitly targets scenarios in which BR/EDR IO Capabilities or LE IO Capabilities exchanges result in selecting the Passkey pairing procedure. 

The attacker manipulates the public key exchange process using a variation of the original ‘Impersonation in the Passkey Entry Protocol’ method.

By offering a public key with an X coordinate matching that of the peer device, they can effectively impersonate one of the devices involved in the pairing process.

Recommendations and Mitigations

To mitigate this vulnerability, Bluetooth Core Specification 5.4 advises that devices should fail a pairing procedure if they receive a public key with an X coordinate matching their own, except in cases where a debug key is used.

The upcoming Bluetooth Core Specification 6.0 will make this check mandatory, enhancing security against such attacks. 

Manufacturers and developers are urged to update their implementations to adhere to these recommendations.

Ensuring devices reject suspicious public keys during pairing can significantly reduce the risk of exploiting this vulnerability.

This vulnerability underscores the importance of staying updated with device manufacturers’ latest security patches and recommendations.

Users are encouraged to regularly update their firmware and be cautious when pairing Bluetooth devices in potentially insecure environments. 

As Bluetooth technology continues to be integral to everyday connectivity, addressing such vulnerabilities promptly is crucial for maintaining user trust and ensuring secure communications across devices.

Free Webinar on How to Protect Small Businesses Against Advanced Cyberthreats -> Free Registration

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

Gamaredon Hackers Weaponize LNK Files to Deliver Remcos Backdoor

Cisco Talos has uncovered an ongoing cyber campaign by the Gamaredon threat actor group,...

“Crocodilus” A New Malware Targeting Android Devices for Full Takeover

Researchers have uncovered a dangerous new mobile banking Trojan dubbed Crocodilus actively targeting financial...

SquareX Discloses Browser-Native Ransomware that Puts Millions at Risk

From WannaCry to the MGM Resorts Hack, ransomware remains one of the most damaging...

Hackers Exploit DNS MX Records to Create Fake Logins Imitating 100+ Brands

Cybersecurity researchers have discovered a sophisticated phishing-as-a-service (PhaaS) platform, dubbed "Morphing Meerkat," that leverages...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

Gamaredon Hackers Weaponize LNK Files to Deliver Remcos Backdoor

Cisco Talos has uncovered an ongoing cyber campaign by the Gamaredon threat actor group,...

“Crocodilus” A New Malware Targeting Android Devices for Full Takeover

Researchers have uncovered a dangerous new mobile banking Trojan dubbed Crocodilus actively targeting financial...

Hackers Exploit DNS MX Records to Create Fake Logins Imitating 100+ Brands

Cybersecurity researchers have discovered a sophisticated phishing-as-a-service (PhaaS) platform, dubbed "Morphing Meerkat," that leverages...