CVE-2020-15802 – Bluetooth vulnerability can cause Bluetooth devices to be attacked by man in the middle, and Bluetooth 4.0/5.0 devices are all affected! (9th Sep 2020).

Preface: Bluetooth Low Energy (BLE) is a low power wireless communication technology that can be used over a short distance to enable smart devices to communicate. … Today, the majority of Android and iOS devices on the market incorporate BLE for communication and interaction with other devices.

Ref I: CTKD pairing allows the devices to pair once using either transport method while generating both the BR/EDR and LE Long Term Keys (LTK) without needing to pair a second time.
Ref II: Bonding: First, do Pairing to have a secure link, then exchange keys for the next time we meet, so that we don’t need to perform Pairing again to have a secure link.

Vulnerability details: Multiple devices supporting both Bluetooth BR/EDR and LE using Cross-Transport Key Derivation (CTKD) for pairing could allow a remote malicious user to conduct a man-in-the-middle attack.

Remedy:The affected devices include all products using Bluetooth 4.0 to 5.0. Bluetooth after version 5.1 will not be affected due to the addition of restrictions on CTKD.

Reference:https://kb.cert.org/vuls/id/589825

One thought on “CVE-2020-15802 – Bluetooth vulnerability can cause Bluetooth devices to be attacked by man in the middle, and Bluetooth 4.0/5.0 devices are all affected! (9th Sep 2020).”

  1. Somebody necessarily assist to make significantly articles I might state.
    That is the first time I frequented your website page and thus far?
    I amazed with the research you made to create this actual publish extraordinary.
    Fantastic process!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.