Patches incoming for Bluetooth bug that could affected Apple, Intel, Broadcom, and some Android devices.
This article originally appeared on ZDNet.
A cryptographic bug in many Bluetooth firmware and operating system drivers could allow an attacker within about 30 meters to capture and decrypt data shared between Bluetooth-paired devices.
The flaw was found by Lior Neumann and Eli Biham of the Israel Institute of Technology, and flagged today by Carnegie Mellon University CERT. The flaw, which is tracked as CVE-2018-5383, has been confirmed to affect Apple, Broadcom, Intel, and Qualcomm hardware, and some Android handsets. It affects Bluetooth's Secure Simple Pairing and Low Energy Secure Connections.
Fortunately for macOS users, Apple released a patch for the flaw in July.
As the CERT notification explains, the vulnerability is caused by some vendors' Bluetooth implementations not properly validating the cryptographic key exchange when Bluetooth devices are pairing. The flaw slipped into Bluetooth key exchange implementation which uses the elliptic-curve Diffie-Hellman (ECDH) key exchange to establish a secure connection over an insecure channel.
SEE: Mobile device computing policy (Tech Pro Research)
This may allow a nearby but remote attacker to inject a a bogus public key to determine the session key during the public-private key exchange. They could then conduct a man-in-the-middle attack and "passively intercept and decrypt all device messages, and/or forge and inject malicious messages."
Although Microsoft said Windows isn't affected directly, Intel has listed numerous wireless chip modules for Windows 7, 8.1, and 10 products that are, as well as wireless modules for Chrome OS and Linux machines. Intel recommended users upgrade to the latest support driver and to check with vendors if they have provided one in their respective updates. Dell has released a new driver for Qualcomm it uses while Lenovo's update is for the flaw in Intel software.
CERT said it is not known whether Android, Google or the Linux kernel are affected. There is no mention of it in Google's July Android Security Bulletin or earlier bulletins.
As CERT explains, ECDH consists of a private and public key, the latter being exchanged to create a shared pairing key.
"The devices must also agree on the elliptic curve parameters being used. Previous work on the "Invalid Curve Attack" showed that the ECDH parameters are not always validated before being used in computing the resulted shared key, which reduces attacker effort to obtain the private key of the device under attack if the implementation does not validate all of the parameters before computing the shared key," writes CERT's Garret Wassermann
Bluetooth SIG, the organizations responsible for Bluetooth, downplayed the chances of a real-world attack in part because it relies on being within range of two vulnerable devices. Nonetheless, it has updated its specification to require vendors validate any public key received during the exchange.
"For an attack to be successful, an attacking device would need to be within wireless range of two vulnerable Bluetooth devices that were going through a pairing procedure," Bluetooth SIG said.
"The attacking device would need to intercept the public key exchange by blocking each transmission, sending an acknowledgement to the sending device, and then injecting the malicious packet to the receiving device within a narrow time window. If only one device had the vulnerability, the attack would not be successful," it said.
- Cybersecurity in an IoT and mobile world (ZDNet special report) | Download the report as a PDF (TechRepublic)
- Security flaws put billions of Bluetooth phones, devices at risk (ZDNet)
- Android P: Cheat sheet (TechRepublic)