
New critical Bluetooth exploit discovered

The latest Bluetooth vulnerability affects smartphones as well as laptops integrating Intel/Broadcom/Qualcomm Bluetooth-enabled hardware. (Source: Cubot Blog)
The latest Bluetooth vulnerability may affect many more devices than last year's BlueBorne, because it can affect smartphones as well as laptops that integrate Apple, Google, Intel, Broadcom or Qualcomm hardware. The cause is insufficient validation of encryption parameters during the pairing process. Microsoft claims that Windows 10 is not affected, but all the other companies are releasing fixes as soon as possible.

Last year, Google identified a severe Bluetooth security flaw codenamed BlueBorne that allowed hackers to access any device that had Bluetooth enabled. Even though the vulnerability was patched relatively fast, it seems that the troubles with Bluetooth-enabled devices are not over yet. Just recently, another security exploit was discovered, this time affecting smartphones as well as laptops that integrate Apple, Broadcom, Intel and Qualcomm hardware. Microsoft stated that Windows 10 is not affected, while Google Android, Linux, iOS and macOS are still at risk.

According to CERT, the new security flaw makes use of features like "Secure Simple Pairing" and Low Energy "Secure Connections." Here is how the security flaw can affect Bluetooth-enabled devices that do not sufficiently validate encryption parameters during the pairing process:

"Bluetooth utilizes a device pairing mechanism based on elliptic-curve Diffie-Hellman (ECDH) key exchange to allow encrypted communication between devices. The ECDH key pair consists of a private and a public key, and the public keys are exchanged to produce a shared pairing key. The devices must also agree on the elliptic curve parameters being used.

In some implementations, the elliptic curve parameters are not all validated by the cryptographic algorithm implementation, which may allow a remote attacker within wireless range to inject an invalid public key to determine the session key with high probability. Such an attacker can then passively intercept and decrypt all device messages, and/or forge and inject malicious messages."


Apple just issued patches to fix this problem, and users are advised to install macOS High Sierra 10.13.5, iOS 11.4 (disclosed on July 23), watchOS 4.3.1, and tvOS 11.4. Likewise, Intel stated that a patch for its Wireless-AC family has been released, while Google's Chrome OS and Android will receive an update as soon as possible. Broadcom and Qualcomm also released fixes to their OEM partners, and these should be available in the next few days.

Bogdan Solca, 2018-07-25 (Update: 2018-07-25)