PT-2020-14468 · Nordic Semiconductor · Nordic Semiconductor Android Ble Library

Published: 2020-07-07 · Updated: 2021-07-21 · CVE-2020-15509

CVSS v3.1: 6.5 Medium

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Nordic Semiconductor Android BLE Library versions 2.2.1 and earlier
Nordic Semiconductor Android DFU Library versions 1.10.4 and earlier

Description

The issue allows the library to engage in unencrypted communication while indicating to the user that the communication is encrypted. This problem occurs during bond creation, specifically in the internalCreateBond function within BleManagerHandler.

Recommendations

For Nordic Semiconductor Android BLE Library versions 2.2.1 and earlier, consider disabling the internalCreateBond function in BleManagerHandler until a patch is available. For Nordic Semiconductor Android DFU Library versions 1.10.4 and earlier, restrict the use of bond creation functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Cleartext Transmission of Sensitive Information

Weakness Enumeration

Related Identifiers

CVE-2020-15509

Affected Products

Nordic Semiconductor Android Ble Library