SB2020051907 - Bluetooth Impersonation Attack agains multiple vendors
Published: May 19, 2020 Updated: January 9, 2026
Security Bulletin ID
SB2020051907
Severity
Medium
Patch available
NO
Number of vulnerabilities
1
Exploitation vector
Adjecent network
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Man-in-the-Middle (MitM) attack (CVE-ID: CVE-2020-10135)
The vulnerability allows a remote attacker to perform a Man-in-the-Middle (MitM) attack.
The vulnerability exists in the implementation of Bluetooth v5.0, v4.2, v4.1, v4.0 on devices manufactured by multiple vendors. A remote attacker with physical proximity to the victim can successful perform a MitM attack even against previously paired devices and gain access to sensitive information.
Below is the list of chips and devices, confirmed to be vulnerable:
| Chip | Device |
| Bluetooth v5.0 | |
| Apple 339S00397 | iPhone 8 |
| CYW20819 | CYW920819EVB-02 |
| Intel 9560 | ThinkPad L390 |
| Snapdragon 630 | Nokia 7 |
| Snapdragon 636 | Nokia X6 |
| Snapdragon 835 | Pixel 2 |
| Snapdragon 845 | Pixel 3, OnePlus 6 |
| Bluetooth v4.2 | |
| Apple 339S00056 | MacBookPro 2017 |
| Apple 339S00199 | iPhone 7plus |
| Apple 339S00448 | iPad 2018 |
| CSR 11393 | Sennheiser PXC 550 |
| Exynos 7570 | Galaxy J3 2017 |
| Intel 7265 | ThinkPad X1 3rd |
| Intel 8260 | HP ProBook 430 G3 |
| Bluetooth v4.1 | |
| CYW4334 | iPhone 5s |
| CYW4339 | Nexus 5, iPhone 6 |
| CYW43438 | RPi 3B+ |
| Snapdragon 210 | LG K4 |
| Snapdragon 410 | Motorola G3, Galaxy J5 |
| Bluetooth <= v4.0 | |
| BCM20730 | ThinkPad 41U5008 |
| BCM4329B1 | iPad MC349LL |
| CSR 6530 | PLT BB903+ |
| CSR 8648 | Philips SHB7250 |
| Exynos 3470 | Galaxy S5 mini |
| Exynos 3475 | Galaxy J3 2016 |
| Intel 1280 | Lenovo U430 |
| Intel 6205 | ThinkPad X230 |
| Snapdragon 200 | Lumia 530 |
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.