New Bluetooth Vulnerability Leak Your Passcode to Hackers While Pairing
\n \t
\n
<\/BR>
\n
\n \t
\n
<\/BR><\/p>\n
A recently identified vulnerability in Bluetooth technology, identified as CVE-2020-26558<\/a>, poses a significant security risk to devices supporting various Bluetooth Core Specifications. <\/p>\n This vulnerability, known as \u201cImpersonation in the Passkey Entry Protocol,\u201d affects devices using the Passkey Entry association model in BR\/EDR Secure Simple Pairing, Secure Connections Pairing, and LE Secure Connections Pairing.<\/p>\n The flaw is present in Bluetooth Core Specifications ranging from version 2.1 through 5.4 for BR\/EDR<\/a> to version 4.2 through 5.4 for LE Secure Connections. <\/p>\n It allows a man-in-the-middle (MITM<\/a>) attacker to exploit the pairing process by responding to an initiating device with a public key whose X coordinate matches that of the peer device. <\/p>\n By using crafted responses, the attacker can determine the passkey used during the pairing session, leading to an authenticated pairing procedure with both the initiating and responding devices.<\/p>\n According to the Bluetooth report<\/a>, For this attack to be successful, the attacker must be within wireless range of two vulnerable Bluetooth devices that are initiating pairing or bonding. The attack specifically targets scenarios where a BR\/EDR or LE IO Capabilities exchange results in the selection of the Passkey pairing procedure.<\/p>\n Analyse Any Suspicious Links Using ANY.RUN\u2019s New Safe Browsing Tool:\u00a0Try for Free<\/a><\/strong><\/p>\n To mitigate this risk, Bluetooth Core Specification 5.4 advises that devices should fail a pairing procedure if a peer\u2019s public key X coordinate matches that of the local device, except when a debug key is used. This check becomes mandatory in Bluetooth Core Specification 6.0.<\/p>\n Experts recommend that manufacturers and developers adhere to these guidelines and update their implementations to comply with the latest specifications. Ensuring that devices reject public keys with matching X coordinates can prevent potential MITM attacks and enhance overall security.<\/p>\n The Bluetooth Special Interest Group (SIG) emphasizes the importance of following updated security protocols to protect against vulnerabilities like CVE-2020-26558. Users are encouraged to update their devices regularly and stay informed about security patches released by device manufacturers.<\/p>\n As Bluetooth technology continues evolving, maintaining robust security measures is crucial for safeguarding personal data and secure wireless communications.<\/p>\n Free Webinar on How to Protect Small Businesses Against Advanced Cyberthreats<\/strong>\u00a0->\u00a0Free Registration<\/a><\/strong><\/p>\n The post New Bluetooth Vulnerability Leak Your Passcode to Hackers While Pairing<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\nVulnerability Details<\/strong><\/h2>\n
Recommendations and Mitigations<\/strong><\/h2>\n