{"uuid": "fd60571b-5d3f-4ff7-9d88-c1719d848970", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-16630", "type": "seen", "source": "https://t.me/cibsecurity/29166", "content": "\u203c CVE-2020-16630 \u203c\n\nTI\u2019s BLE stack caches and reuses the LTK\u2019s property for a bonded mobile. A LTK can be an unauthenticated-and-no-MITM-protection key created by Just Works or an authenticated-and-MITM-protection key created by Passkey Entry, Numeric Comparison or OOB. Assume that a victim mobile uses secure pairing to pair with a victim BLE device based on TI chips and generate an authenticated-and-MITM-protection LTK. If a fake mobile with the victim mobile\u2019s MAC address uses Just Works and pairs with the victim device, the generated LTK still has the property of authenticated-and-MITM-protection. Therefore, the fake mobile can access attributes with the authenticated read/write permission.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-21T00:27:13.000000Z"}