A high severity cryptographic bug affects some Bluetooth implementations that could enable remote attackers in the proximity of targeted devices to monitor or manipulate the traffic. While Bluetooth attacks are quite common, this latest vulnerability affects operating system drivers of some major vendors including Apple, Broadcom, Intel, and Qualcomm.
Tracked as CVE-2018-5383, the implementation of this Bluetooth bug on Google, Android and Linux is currently unknown. Microsoft said its devices are not affected.
Another big bad Bluetooth bug discovered
The vulnerability is related to the "Secure Simple Pairing" and Bluetooth LE (Low Energy)'s "Secure Connections." The Bluetooth Special Interest Group (SIG) recommends devices supporting the two features to validate the public key received during their pairing process. Because this is not a requirement, some vendors do not perform public key validation. CERT explains the vulnerability:
Bluetooth utilizes a device pairing mechanism based on elliptic-curve Diffie-Hellman (ECDH) key exchange to allow encrypted communication between devices. The ECDH key pair consists of a private and a public key, and the public keys are exchanged to produce a shared pairing key. The devices must also agree on the elliptic curve parameters being used.
In some implementations, the elliptic curve parameters are not all validated by the cryptographic algorithm implementation, which may allow a remote attacker within wireless range to inject an invalid public key to determine the session key with high probability. Such an attacker can then passively intercept and decrypt all device messages, and/or forge and inject malicious messages.
Due to this loophole, an unauthenticated attacker in Bluetooth range of the targeted devices during the pairing process can launch a man-in-the-middle (MitM) attack to obtain the encryption key. This allows the criminals to intercept traffic and even tamper with it.
"The attacking device would need to intercept the public key exchange by blocking each transmission, sending an acknowledgement to the sending device, and then injecting the malicious packet to the receiving device within a narrow time window," the Bluetooth SIG said.
"If only one device had the vulnerability, the attack would not be successful."
In short, this attack works when both the connected devices do not sufficiently validate encryption parameters during the pairing process. The Bluetooth SIG suggested that it has now updated recommendations to require products to validate public keys.
To fix the vulnerability, Apple released patches with macOS High Sierra 10.13.5, iOS 11.4 (disclosed on July 23), watchOS 4.3.1, and tvOS 11.4. Intel has also fixed the flaws, with its advisory warning that the bug impacts its Dual Band Wireless-AC, Tri-Band Wireless-AC and Wireless-AC product families. The details on fixing the bug on Windows, Chrome OS and Linux are shared here. Broadcom has suggested having made the fixes available to its OEM partners; Qualcomm is yet to update on fixing the vulnerability confirmed in an email to Wccftech that it has also sent out fixes.
- Technical details are available in this advisory published by CERT.
