CVE-2020-35473 : Security Advisory and Response

Bluetooth Low Energy Advertisement Scan Response Information Leakage Vulnerability

Understanding CVE-2020-35473

An information leakage vulnerability in Bluetooth Low Energy advertisement scan response in Bluetooth Core Specifications 4.0 through 5.2 allows for the identification of devices using Resolvable Private Addressing (RPA) by their response to specific scan requests.

What is CVE-2020-35473?

The vulnerability in Bluetooth Core Specifications 4.0 through 5.2, and extended scan response in Bluetooth Core Specifications 5.0 through 5.2, enables the identification of devices using RPA through their responses to scan requests.

The Impact of CVE-2020-35473

Allows identification of devices using RPA by their response or non-response to specific scan requests
Enables identification of a peer device by its reaction to an active scan request
Creates an allowlist-based side channel

Technical Details of CVE-2020-35473

Vulnerability Description

The vulnerability lies in the Bluetooth Low Energy advertisement scan response, potentially exposing devices using RPA to identification through scan requests.

Affected Systems and Versions

Bluetooth Core Specifications 4.0 through 5.2
Extended scan response in Bluetooth Core Specifications 5.0 through 5.2

Exploitation Mechanism

The vulnerability allows malicious actors to identify devices using RPA by analyzing their responses to specific scan requests.

Mitigation and Prevention

Immediate Steps to Take

Disable Bluetooth when not in use
Avoid connecting to unknown or untrusted devices
Regularly update Bluetooth firmware

Long-Term Security Practices

Implement strong encryption for Bluetooth communications
Monitor Bluetooth connections for suspicious activity

Patching and Updates

Apply patches and updates from the device manufacturer to address the vulnerability