Bluetooth Handshake Vulnerability

Researchers from the Israel Institute of Technology have uncovered a new vulnerability related to Bluetooth® LE Secure Connections Pairing at the OS level and BR/EDR implementations of Secure Simple Pairing in device firmware.

Hyve Managed Hosting

featured image

CVE-2018-5383 affects firmware or OS drivers from Apple, Broadcom, Intel and Qualcomm. At the time of writing, the implications of the bug on Google Android and Linux are unknown.

The researchers realised that the Bluetooth® specification does not mandate devices supporting there two features to validate the public encryption key that is the handshake for over-the-air during. As the Diffie-Hellman key exchange is optional, some vendors have not validated the elliptical curve parameters used in the exchange. Because of this, a Man In The Middle attack is possible for someone within Bluetooth® range of the target device(s). This would allow them to access all data thought by the user to be encrypted as well as the ability to perform malware injections.

The Bluetooth® SIG have issued the following statement:

"For an attack to be successful, an attacking device would need to be within wireless range of two vulnerable Bluetooth® devices that were going through a pairing procedure. The attacking device would need to intercept the public key exchange by blocking each transmission, sending an acknowledgment to the sending device, and then injecting the malicious packet to the receiving device within a narrow time window. If only one device had the vulnerability, the attack would not be successful."

How to stop Bluetooth® hacks

The Bluetooth® SIG has updated the specification to make the public key validation mandatory. They claim there is no evidence of malicious exploitation of the bug.

Patches will be needed and users should obtain these directly from vendors. Apple and Intel have already patched this.

Insights related to Blog

Navigating the Cloud Reset | Private Cloud as a Strategic Priority
Read our insight
Why Media Companies are Turning to High-Performance Cloud Hosting
Read our insight
telephone
Background image

Get in touch

Alert icon
check circle
Alert icon
check circle
Alert icon
check circle
Email icon
Alert icon
check circle
Lock icon

We will use your email in accordance with our Privacy Policy

Alert icon
check circle