Severity Rating: Medium
Systems Affected
•All Bluetooth devices supporting BR/EDR Core Configurations version 5.2
and prior
Overview
A vulnerability has been reported in Bluetooth protocol, which could be
exploited by an adjacent attacker to perform a spoofing attack(BIAS)
impersonating the address of a previously paired remote device.
Description
Bluetooth Basic Rate / Enhanced Data Rate (BR/EDR) Core Configurations are
used for low-power short-range communications. To establish an encrypted
connection, two Bluetooth devices must pair with each other using a link
key.
An attacker with physical access to the Bluetooth connection could perform
a spoofing attack impersonating the address of a previously paired remote
device. This attack may result in the attacking device completing the
authentication procedure successfully despite not possessing the link key.
This vulnerability in turn, could permit an attacker to initiate the
Bluetooth Key Negotiation (KNOB) attack more efficiently, potentially
gaining full access as the remote paired device.
Solution
It is highly recommended that the end users apply the latest update.
Bluetooth host and controller suppliers should refer to the Bluetooth SIG
for guidance on updating their products.
oth-security/bias-vulnerability/
References
oth-security/bias-vulnerability/
devices-bias-attacks/
CVE Name
CVE-2020-10135
About Cert Advisory
We have created this blog to provide latest security advisory from the india cert for the security vulnerability, threats, attacks and patching required to mitigate any kind of cyber attacks.