Is the BIAS vulnerable fixed? (Bluetooth Impersonation AttackS / CVE-2020-10135)

Asked by Anja Sur on 2020-06-25

Hello,

is the BIAS (Bluetooth Impersonation AttackS / CVE-2020-10135) vulnerable fixed?
A Raspberry Pi Engineer posted there is a fix available:
https://www.raspberrypi.org/forums/viewtopic.php?p=1667781#p1667781

BIAS infos:
https://francozappa.github.io/about-bias/
https://kb.cert.org/vuls/id/647177

Summary:
As a result, an attacker can impersonate a device towards the host after both have previously been successfully paired in absence of the attacker.

Question information

Language:
English Edit question
Status:
Open
For:
Ubuntu pi-bluetooth Edit question
Assignee:
No assignee Edit question
Last query:
2020-06-25
Last reply:

Can you help with this problem?

Provide an answer of your own, or ask Anja Sur for more information if necessary.

To post a message you must log in.