CVE-2016-6539 - OpenCVE

The Trackr device ID is constructed of a manufacturer identifier of four zeroes followed by the BLE MAC address in reverse. The MAC address can be obtained by being in close proximity to the Bluetooth device, effectively exposing the device ID. The ID can be used to track devices. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-6539, CVE-2016-6540 and CVE-2016-6541.

No CVSS v3.1

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction Required

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:A/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Thetrackr	Trackr Firmware Trackr

Configuration 1 [-]

AND

OR	cpe:2.3:o:thetrackr:trackr_firmware::::::android::*
	cpe:2.3:o:thetrackr:trackr_firmware::::::iphone_os::*

cpe:2.3:h:thetrackr:trackr:-:*:*:*:*:*:*:*

References

Link	Resource
http://www.securityfocus.com/bid/93874	Third Party Advisory VDB Entry
https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/	Exploit Technical Description Third Party Advisory
https://www.kb.cert.org/vuls/id/617567	Third Party Advisory US Government Resource
https://www.kb.cert.org/vuls/id/TNOY-AF3KCZ	Third Party Advisory US Government Resource

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: certcc

Published: 2018-07-06T21:00:00

Updated: 2018-07-07T09:57:01

Reserved: 2016-08-03T00:00:00

Link: CVE-2016-6539

JSON object: View

NVD Information

Status : Modified

Published: 2018-07-06T21:29:00.280

Modified: 2019-10-09T23:19:12.830

Link: CVE-2016-6539

JSON object: View

Redhat Information

No data.

CWE

CWE-200

{"containers": {"cna": {"affected": [{"platforms": ["iOS"], "product": "Bravo Mobile Application", "vendor": "TrackR", "versions": [{"status": "unaffected", "version": "5.1.6"}]}, {"platforms": ["Android"], "product": "Bravo Mobile Application", "vendor": "TrackR", "versions": [{"status": "unaffected", "version": "2.2.5"}]}], "credits": [{"lang": "en", "value": "Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability."}], "datePublic": "2016-10-25T00:00:00", "descriptions": [{"lang": "en", "value": "The Trackr device ID is constructed of a manufacturer identifier of four zeroes followed by the BLE MAC address in reverse. The MAC address can be obtained by being in close proximity to the Bluetooth device, effectively exposing the device ID. The ID can be used to track devices. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-6539, CVE-2016-6540 and CVE-2016-6541."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "CWE-200: Information Exposure", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-07-07T09:57:01", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"name": "93874", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/93874"}, {"tags": ["x_refsource_MISC"], "url": "https://www.kb.cert.org/vuls/id/TNOY-AF3KCZ"}, {"tags": ["x_refsource_MISC"], "url": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/"}, {"name": "VU#617567", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "https://www.kb.cert.org/vuls/id/617567"}], "source": {"discovery": "UNKNOWN"}, "title": "TrackR Bravo MAC address can be exposed in close proximity and used to obtain the device ID", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "ID": "CVE-2016-6539", "STATE": "PUBLIC", "TITLE": "TrackR Bravo MAC address can be exposed in close proximity and used to obtain the device ID"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Bravo Mobile Application", "version": {"version_data": [{"affected": "!", "platform": "iOS", "version_affected": "!", "version_value": "5.1.6"}, {"affected": "!", "platform": "Android", "version_affected": "!", "version_value": "2.2.5"}]}}]}, "vendor_name": "TrackR"}]}}, "credit": [{"lang": "eng", "value": "Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Trackr device ID is constructed of a manufacturer identifier of four zeroes followed by the BLE MAC address in reverse. The MAC address can be obtained by being in close proximity to the Bluetooth device, effectively exposing the device ID. The ID can be used to track devices. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-6539, CVE-2016-6540 and CVE-2016-6541."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-200: Information Exposure"}]}]}, "references": {"reference_data": [{"name": "93874", "refsource": "BID", "url": "http://www.securityfocus.com/bid/93874"}, {"name": "https://www.kb.cert.org/vuls/id/TNOY-AF3KCZ", "refsource": "MISC", "url": "https://www.kb.cert.org/vuls/id/TNOY-AF3KCZ"}, {"name": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/", "refsource": "MISC", "url": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/"}, {"name": "VU#617567", "refsource": "CERT-VN", "url": "https://www.kb.cert.org/vuls/id/617567"}]}, "source": {"discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2016-6539", "datePublished": "2018-07-06T21:00:00", "dateReserved": "2016-08-03T00:00:00", "dateUpdated": "2018-07-07T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:thetrackr:trackr_firmware:*:*:*:*:*:android:*:*", "matchCriteriaId": "43EC4939-50C3-4104-96AB-DEC1FE156EF3", "versionEndExcluding": "2.2.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:thetrackr:trackr_firmware:*:*:*:*:*:iphone_os:*:*", "matchCriteriaId": "8FE04B1C-C57E-478C-8F6A-3C09D344C485", "versionEndExcluding": "5.1.6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:thetrackr:trackr:-:*:*:*:*:*:*:*", "matchCriteriaId": "9905EBCF-AAE9-469A-AA16-76C43817F4CD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The Trackr device ID is constructed of a manufacturer identifier of four zeroes followed by the BLE MAC address in reverse. The MAC address can be obtained by being in close proximity to the Bluetooth device, effectively exposing the device ID. The ID can be used to track devices. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-6539, CVE-2016-6540 and CVE-2016-6541."}, {"lang": "es", "value": "El ID de los dispositivos Trackr se construye a partir de un identificador del vendedor de cuatro ceros seguido de la direcci\u00f3n MAC BLE al rev\u00e9s. Se puede obtener la direcci\u00f3n MAC estando cerca del dispositivo Bluetooth, exponiendo efectivamente el ID del dispositivo. El ID se puede utilizar para rastrear los dispositivos. El fabricante ha publicado las apps actualizadas (5.1.6 para iOS y 2.2.5 para Android) para solucionar las vulnerabilidades en CVE-2016-6538, CVE-2016-6539, CVE-2016-6540 y CVE-2016-6541."}], "id": "CVE-2016-6539", "lastModified": "2019-10-09T23:19:12.830", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-07-06T21:29:00.280", "references": [{"source": "cret@cert.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/93874"}, {"source": "cret@cert.org", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "url": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.kb.cert.org/vuls/id/617567"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.kb.cert.org/vuls/id/TNOY-AF3KCZ"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-200"}], "source": "cret@cert.org", "type": "Secondary"}]}