John Leyden May 26, 2021 at 12:25 UTC
Updated: May 26, 2021 at 12:28 UTC
The inherent weaknesses in short range radio technology have been exposed
Attackers could impersonate legitimate devices during the Bluetooth pairing process due to security vulnerabilities in the Bluetooth Core and Bluetooth Mesh specifications that support ubiquitous wireless technology.
Researchers at ANSSI – the French equivalent of the UK GCHQ – discovered flaws in every specification that allowed devices to be impersonated and AuthValue to be disclosed.
A total of six vulnerabilities (CVE-2020-26555 through CVE-2020-26560) were identified by the study.
The vulnerabilities are highlighted in an article entitled “BlueMirror: Considerations for Bluetooth Pairing and Provisioning Protocols”, which will be presented by ANSSI researchers Tristan Claverie and José Lopes Esteves tomorrow (May …) at the WOOT conference .