The Agence Nationale de la Sécurité des Systèmes d'Information (ANSSI) has disclosed reports for three vulnerabilities related to the Bluetooth® Core Specification to the Bluetooth SIG. Here is a short summary of these vulnerabilities:
Impersonation in the Passkey Entry Protocol: (CVE-2020-26558) (VU#799380.8 TLP:AMBER)
The Passkey Entry protocol used in Secure Simple Pairing (SSP), Secure Connections (SC) and LE Secure Connections (LESC) of the Bluetooth Core Specification is vulnerable to an impersonation attack where an active attacker can impersonate the initiating device without any previous knowledge of the passkey.
Authentication of the LE Legacy Pairing Protocol: (VU#799380.5 TLP:AMBER)
The authentication property of the Bluetooth LE Legacy Pairing procedures is vulnerable to a reflection attack. A remote attacker without knowledge of the token key can complete the authentication protocol.
Impersonation in the PIN Pairing Protocol: (CVE-2020-26555) (VU#799380.7 TLP:AMBER)
The Bluetooth BR/EDR PIN Pairing procedure is vulnerable to an impersonation attack. When an attacker connects to a victim device using the address of the device and the victim initiates a Pairing, the attacker can reflect the encrypted nonce even without knowledge of the key.
We take security issues seriously, and we are currently working to mitigate the issues and provide solutions for our clients. We have determined that this vulnerability affects some of our networking products. This page will provide the latest insight and may be updated from time to time.