Security experts discovered 7 vulnerabilities in Bluetooth technology. The vulnerabilities in question provide the environment for attackers to perform Bluetooth Impersonation Attacks (BIAS).
Vulnerabilities have been discovered in the Bluetooth Core and Mesh Profile specifications that could allow attackers to impersonate legitimate devices during pairing. Hackers can use these vulnerabilities to launch man-in-the-middle attacks (MitM).
The Bluetooth Core and Mesh Profile specifications define the requirements for Bluetooth devices to communicate with each other. The vulnerabilities were reported by experts from the French National Information Systems Security Agency (ANSSI).
According to the researchers, a potential attacker within Bluetooth range could initiate MitM attacks. The issue was acknowledged by the Bluetooth Special Interest Group (SIG) organization, which oversees the development of Bluetooth standards. Experts found a total of seven vulnerabilities, six of which were assigned CVE IDs:
Affected vendors try to fix bugs
“We have communicated the technical details of the vulnerabilities to companies and how they can counteract their exploitation. We recommend that everyone install patches available immediately. As always, users of Bluetooth technology should make sure they have the latest updates installed on their devices,” he said.
Android Open Source Project (AOSP), Cisco, Cradlepoint, Intel, Microchip Technology and Red Hat are among the vendors with products affected by these vulnerabilities. AOSP, Cisco, and Microchip Technology said they are currently working to minimize problems.