Cyber Security News

New Bluetooth Vulnerability Leak, Your Passcode to Hackers During Pairing

A recently discovered vulnerability in Bluetooth technology has raised significant security concerns.

This flaw could allow hackers to intercept passcodes during the device pairing process, affecting a wide range of Bluetooth devices and potentially having far-reaching implications for users worldwide.

The Vulnerability: CVE-2020-26558

The vulnerability, CVE-2020-26558, is found in devices supporting the Passkey Entry association model in various Bluetooth Core Specifications, ranging from version 2.1 to 5.4. It affects BR/EDR Secure Simple Pairing and LE Secure Connections Pairing protocols.

The flaw arises when a device accepts a public key from a remote peer with the same X coordinate as the public key it provided but with an opposite sign for the Y coordinate. 

Analyse Any Suspicious Links Using ANY.RUN’s New Safe Browsing Tool: Try It for Free

This oversight allows a man-in-the-middle (MITM) attacker to exploit the pairing process. Responding with a crafted public key, an attacker can determine the passkey used during the pairing session.

This enables them to complete an authenticated pairing procedure with both the initiating and responding devices.

How the Attack Works

For this attack to succeed, the malicious device must be within the wireless range of two vulnerable Bluetooth devices during their pairing or bonding process.

The attack explicitly targets scenarios in which BR/EDR IO Capabilities or LE IO Capabilities exchanges result in selecting the Passkey pairing procedure. 

The attacker manipulates the public key exchange process using a variation of the original ‘Impersonation in the Passkey Entry Protocol’ method.

By offering a public key with an X coordinate matching that of the peer device, they can effectively impersonate one of the devices involved in the pairing process.

Recommendations and Mitigations

To mitigate this vulnerability, Bluetooth Core Specification 5.4 advises that devices should fail a pairing procedure if they receive a public key with an X coordinate matching their own, except in cases where a debug key is used.

The upcoming Bluetooth Core Specification 6.0 will make this check mandatory, enhancing security against such attacks. 

Manufacturers and developers are urged to update their implementations to adhere to these recommendations.

Ensuring devices reject suspicious public keys during pairing can significantly reduce the risk of exploiting this vulnerability.

This vulnerability underscores the importance of staying updated with device manufacturers’ latest security patches and recommendations.

Users are encouraged to regularly update their firmware and be cautious when pairing Bluetooth devices in potentially insecure environments. 

As Bluetooth technology continues to be integral to everyday connectivity, addressing such vulnerabilities promptly is crucial for maintaining user trust and ensuring secure communications across devices.

Free Webinar on How to Protect Small Businesses Against Advanced Cyberthreats -> Free Registration

Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Recent Posts

GitLab Security Update, Patch for Critical Vulnerabilities

GitLab announced the release of critical security patches for its Community Edition (CE) and Enterprise…

1 hour ago

BadRAM Attack Breaches AMD Secure VMs with $10 Device

Researchers have uncovered a vulnerability that allows attackers to compromise AMD's Secure Encrypted Virtualization (SEV)…

2 hours ago

Splunk RCE Vulnerability Let Attackers Execute Remote Code

Splunk, the data analysis and monitoring platform, is grappling with a Remote Code Execution (RCE)…

3 hours ago

Europol Shutsdown 27 DDoS Service Provider Platforms

In a major international operation codenamed “PowerOFF,” Europol, collaborating with law enforcement agencies across 15…

4 hours ago

Resecurity introduces Government Security Operations Center (GSOC) at NATO Edge 2024

Resecurity, a global leader in cybersecurity solutions, unveiled its advanced Government Security Operations Center (GSOC)…

18 hours ago

Reserachers Uncovered Zloader DNS Tunneling Tactics For Stealthy C2 Communication

Zloader, a sophisticated Trojan, has recently evolved with features that enhance its stealth and destructive…

18 hours ago