Pairing flaw exposes Bluetooth devices to BIAS attacks


Hundreds of Electronic devices that support Bluetooth Core and Mesh Specifications may be vulnerable to attacks that allow malicious actors to impersonate a device during pairing.

Bluetooth Devices Vulnerable To BIAS Attacks 1024x537

Newly identified security weaknesses in both Bluetooth Core and Mesh Profile Specifications enable attackers to mask a rogue device as legitimate and perform man-in-the-middle (MitM) attacks and capture sensitive user data, a new academic research reports.

The Bluetooth Impersonation Attacks, also known as the BIAS, allow a malicious actor to bypass the authentication mechanism of Bluetooth and establish a connection with a victim without knowing or having to validate the long-term key shared by the devices.

In relation to the research of the detected vulnerabilities, the academic researchers have performed test-attacks against 28 unique Bluetooth chips from leading hardware and software vendors, including Intel, Apple, Qualcomm, Samsung and Cypress, targeting all major Bluetooth versions, most of which proved vulnerable to the BIAS attacks.

The detected flaws are addressing issues with the pairing/bonding protocols used in the specification and are being tracked as follows:

  • CVE-2020-26555 – a vulnerability that addresses impersonation in Bluetooth legacy BR/EDR pin-pairing protocol (Core Specification 1.0B through 5.2)
  • CVE-2020-26556 – a flaw with the Malleable commitment in Bluetooth Mesh Profile provisioning (Mesh profile 1.0 and 1.0.1).
  • CVE-2020-26557 – a vulnerability allowing for prediction of the AuthValue in Bluetooth Mesh Profile provisioning (Mesh profile 1.0 and 1.0.1)
  • CVE-2020-26558 — the flaw that allows for impersonation in the Passkey entry protocol during the secure pairing process (Core Specification 2.1 through 5.2)
  • CVE-2020-26559 – a flaw related to predictable AuthValue in Bluetooth Mesh Profile provisioning (Mesh profile 1.0 and 1.0.1)
  • CVE-2020-26560 – a flaw allowing for impersonation attack in Bluetooth Mesh Profile provisioning (Mesh profile 1.0 and 1.0.1)

Devices affected by these security weaknesses have been found in vendors such Cisco, Cradlepoint, Android Open Source Project (AOSP), Intel, Microchip Technology, and Red Hat. As per the information that is available, AOSP, Microchip Technology and Cisco have indicated they are seeking to address the reported vulnerabilities and minimize the chance of possible exploitation.

Security notices related to the detected flaws have been issued by Bluetooth Special Interest Group (SIG), the organization that is monitoring the Bluetooth standards development.

To protect themselves, Bluetooth users should download and install the latest updates recommended from the manufacturers for their devices and systems as soon as they are available.


About the author

Lidia Howler

Lidia is a web content creator with years of experience in the cyber-security sector. She helps readers with articles on malware removal and online security. Her strive for simplicity and well-researched information provides users with easy-to-follow It-related tips and step-by-step tutorials.

Leave a Comment