Bluetooth vulnerabilities allow attackers to impersonate another device
Experts have identified problems in the Bluetooth Core and Mesh Profile specifications that allow an attacker to impersonate a legitimate device during the pairing process and launch man-in-the-middle (MitM) attacks (this, of course, requires the attacker to be within range of the wireless network).
Detailed descriptions of all seven detected bugs, along with security advisories for remediating them, have already been published by specialists from the Bluetooth Special Interest Group (Bluetooth SIG) at bluetooth.com.
According to experts, at least some of these problems affect Android Open Source Project (AOSP), Cisco, Intel, Red Hat, Microchip Technology and Cradlepoint products.
AOSP developers are reportedly working on patches for the CVE-2020-26555 and CVE-2020-26558 vulnerabilities affecting Android devices. The patches should be included in an upcoming Android security bulletin.
Cisco is also working on patching the CVE-2020-26555 and CVE-2020-26558 issues impacting its products.
Source: xakep.ru
26 May 2021