Cyber Security News

New Bluetooth Vulnerability Leak, Your Passcode to Hackers During Pairing

A recently discovered vulnerability in Bluetooth technology has raised significant security concerns.

This flaw could allow hackers to intercept passcodes during the device pairing process, affecting a wide range of Bluetooth devices and potentially having far-reaching implications for users worldwide.

The Vulnerability: CVE-2020-26558

The vulnerability, CVE-2020-26558, is found in devices supporting the Passkey Entry association model in various Bluetooth Core Specifications, ranging from version 2.1 to 5.4. It affects BR/EDR Secure Simple Pairing and LE Secure Connections Pairing protocols.

The flaw arises when a device accepts a public key from a remote peer with the same X coordinate as the public key it provided but with an opposite sign for the Y coordinate. 

Analyse Any Suspicious Links Using ANY.RUN’s New Safe Browsing Tool: Try It for Free

This oversight allows a man-in-the-middle (MITM) attacker to exploit the pairing process. Responding with a crafted public key, an attacker can determine the passkey used during the pairing session.

This enables them to complete an authenticated pairing procedure with both the initiating and responding devices.

How the Attack Works

For this attack to succeed, the malicious device must be within the wireless range of two vulnerable Bluetooth devices during their pairing or bonding process.

The attack explicitly targets scenarios in which BR/EDR IO Capabilities or LE IO Capabilities exchanges result in selecting the Passkey pairing procedure. 

The attacker manipulates the public key exchange process using a variation of the original ‘Impersonation in the Passkey Entry Protocol’ method.

By offering a public key with an X coordinate matching that of the peer device, they can effectively impersonate one of the devices involved in the pairing process.

Recommendations and Mitigations

To mitigate this vulnerability, Bluetooth Core Specification 5.4 advises that devices should fail a pairing procedure if they receive a public key with an X coordinate matching their own, except in cases where a debug key is used.

The upcoming Bluetooth Core Specification 6.0 will make this check mandatory, enhancing security against such attacks. 

Manufacturers and developers are urged to update their implementations to adhere to these recommendations.

Ensuring devices reject suspicious public keys during pairing can significantly reduce the risk of exploiting this vulnerability.

This vulnerability underscores the importance of staying updated with device manufacturers’ latest security patches and recommendations.

Users are encouraged to regularly update their firmware and be cautious when pairing Bluetooth devices in potentially insecure environments. 

As Bluetooth technology continues to be integral to everyday connectivity, addressing such vulnerabilities promptly is crucial for maintaining user trust and ensuring secure communications across devices.

Free Webinar on How to Protect Small Businesses Against Advanced Cyberthreats -> Free Registration

Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Recent Posts

Ivanti Fully Patched Connect Secure RCE Vulnerability That Actively Exploited in the Wild

Ivanti has issued an urgent security advisory for CVE-2025-22457, a critical vulnerability impacting Ivanti Connect…

1 day ago

Beware! Weaponized Job Recruitment Emails Spreading BeaverTail and Tropidoor Malware

A concerning malware campaign was disclosed by the AhnLab Security Intelligence Center (ASEC), revealing how…

1 day ago

EncryptHub Ransomware Uncovered Through ChatGPT Use and OPSEC Failures

EncryptHub, a rapidly evolving cybercriminal entity, has come under intense scrutiny following revelations of operational…

1 day ago

PoisonSeed Targets CRM and Bulk Email Providers in New Supply Chain Phishing Attack

A sophisticated phishing campaign, dubbed "PoisonSeed," has been identified targeting customer relationship management (CRM) and…

1 day ago

Beware! Fake Unpaid Tolls Messages Used in Phishing Attack to Steal Login Credentials

A surge in phishing text messages claiming unpaid tolls has been linked to a massive…

1 day ago

State Bar of Texas Confirms Data Breach, Begins Notifying Affected Consumers

The State Bar of Texas has confirmed a data breach following the detection of unauthorized…

1 day ago