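At the Bluetooth SIG, we strive to make Bluetooth the global standard for simple, secure wireless connectivity, and security is paramount. If you have found a potential security issue in any Bluetooth specification, please contact us by email: [email protected]. For encrypted communication, you may use our public key.
We make every effort to respond to security issues within 48 hours. If you have not received a response within that time, please feel free to follow up with us to make sure we received your original report.
Report Details
The following information will help us evaluate your submission as quickly as possible. Please include it in your report if available.
- Type of vulnerability (security, privacy, availability/DoS, etc.)
- Affected specifications and versions
- Instructions for reproducing the issue
- Proof of concept (PoC)
Bluetooth Security Notices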
Vulnerability | Publication Date | Details | Specifications Affected | CVE [NVD] |
---|---|---|---|---|
SUPPLEMENT: Impersonation in the Passkey Entry Protocol | 19/09/2024 | SIG Security Notice | Core Spec v2.1 to 5.4 | CVE-2021-37577 |
BLUFFS: Bluetooth Forward and Future Secrecy Attacks and Defenses | 27/11/2023 | SIG Security Notice | Core Spec v4.2 to 5.2 | CVE-2023-24023 |
Pairing Mode Confusion in BLE Passkey Entry | 09/12/2022 | SIG Security Notice | Core Spec v4.0 to 5.3 | CVE-2022-25836 |
Pairing Mode Confusion in BR/EDR | 09/12/2022 | SIG Security Notice | Core Spec v1.0B to 5.3 | CVE-2022-25837 |
InjectaBLE: Injecting malicious traffic into established Bluetooth Low Energy connections | 21/06/2021 | SIG Security Notice | Core Spec, v4.0 to 5.2 | CVE-2021-31615 |
Bluetooth Mesh Profile AuthValue leak | 24/05/2021 | SIG Security Notice | Mesh Profile Spec, v1.0 to v1.0.1 | CVE-2020-26559 |
Malleable commitment in Bluetooth Mesh Profile provisioning | 24/05/2021 | SIG Security Notice | Mesh Profile Spec, v1.0 to v1.0.1 | CVE-2020-26556 |
Predictable Authvalue in Bluetooth Mesh Profile provisioning leads to MITM | 24/05/2021 | SIG Security Notice | Mesh Profile Spec, v1.0 to v1.0.1 | CVE-2020-26557 |
Impersonation attack in Bluetooth Mesh Profile provisioning | 24/05/2021 | SIG Security Notice | Mesh Profile Spec, v1.0 to v1.0.1 | CVE-2020-26560 |
Impersonation in the BR/EDR pin-pairing protocol | 24/05/2021 | SIG Security Notice | Core Spec, v1.0B to 5.2 | CVE-2020-26555 |
Authentication of the Bluetooth LE legacy-pairing protocol | 24/05/2021 | SIG Security Notice | Core Spec, v4.0 to 5.2 | N/A |
Impersonation in the Passkey entry protocol | 24/05/2021 | SIG Security Notice | Core Spec, v2.1 to 5.2 | CVE-2020-26558 |
Exploiting Cross-Transport Key Derivation | 09/09/2020 | SIG Security Notice | Core Spec, v4.2 to 5.0 | CVE-2020-15802 |
Pairing Method Confusion | 18/05/2020 | SIG Security Notice | Core Spec, v2.1 to v5.2 | CVE-2020-10134 |
Bluetooth Impersonation Attacks | 18/05/2020 | SIG Security Notice | Core Spec, v2.1 to v5.2 | CVE-2020-10135 |
Key Negotiation of Bluetooth | 13/08/2019 | SIG Security Notice | Core Spec, v4.2, v5.0 and v5.1 | CVE-2019-9506 |
Validation of Elliptic Curve Parameters | 23/07/2018 | SIG Security Notice | Core Spec, v2.1 to v5.0 | CVE-2018-5383 |