New critical Bluetooth exploit discovered
Last year, Google identified a severe Bluetooth security flaw codenamed BlueBorne that allowed hackers to access any device that had Bluetooth enabled. Even though the vulnerability was patched relatively quickly, it seems that the troubles with Bluetooth-enabled devices are not over yet. Just recently, another security flaw was discovered, this time affecting smartphones as well as laptops that integrate Apple, Broadcom, Intel and Qualcomm hardware. Microsoft stated that Windows 10 is not affected, while Google Android, Linux, iOS and macOS are still at risk.
According to CERT, the new security flaw involves the “Secure Simple Pairing” and Low Energy “Secure Connections” features. Here is how the flaw can affect Bluetooth-enabled devices that do not sufficiently validate encryption parameters during the pairing process:
"Bluetooth utilizes a device pairing mechanism based on elliptic-curve Diffie-Hellman (ECDH) key exchange to allow encrypted communication between devices. The ECDH key pair consists of a private and a public key, and the public keys are exchanged to produce a shared pairing key. The devices must also agree on the elliptic curve parameters being used.
In some implementations, the elliptic curve parameters are not all validated by the cryptographic algorithm implementation, which may allow a remote attacker within wireless range to inject an invalid public key to determine the session key with high probability. Such an attacker can then passively intercept and decrypt all device messages, and/or forge and inject malicious messages."
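The missing check CERT describes is validation of the peer's public key before it is used in ECDH. The sketch below is an added example, not code from CERT or any vendor patch; it assumes the NIST P-256 curve (the curve LE Secure Connections uses), and the function names and the 64-byte big-endian X||Y encoding are hypothetical choices for illustration.

```python
# Added example: validate a peer's ECDH public key on NIST P-256
# before deriving any shared secret from it.
P = 2**256 - 2**224 + 2**192 + 2**96 - 1   # field prime
A = P - 3                                   # curve coefficient a
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5


class InvalidPublicKey(ValueError):
    """Raised when a received public key must be rejected."""


def validate_public_key(x, y):
    """Raise InvalidPublicKey unless (x, y) is a usable P-256 point."""
    # 1. Both coordinates must be canonical field elements.
    if not (0 <= x < P and 0 <= y < P):
        raise InvalidPublicKey("coordinate outside [0, p-1]")
    # 2. The point must satisfy the curve equation y^2 = x^3 + ax + b.
    #    Checking only x, or skipping this step, is the flaw described above.
    if (y * y - (x * x * x + A * x + B)) % P != 0:
        raise InvalidPublicKey("point is not on the agreed curve")
    # P-256 has cofactor 1 and the point at infinity has no affine
    # encoding, so no further subgroup check is needed here.


def parse_public_key(raw):
    """Parse a 64-byte big-endian X||Y key (assumed encoding) and validate it."""
    if len(raw) != 64:
        raise InvalidPublicKey("expected 64 bytes")
    x = int.from_bytes(raw[:32], "big")
    y = int.from_bytes(raw[32:], "big")
    validate_public_key(x, y)
    return x, y


def is_valid(x, y):
    """Boolean wrapper for callers that prefer not to catch exceptions."""
    try:
        validate_public_key(x, y)
        return True
    except InvalidPublicKey:
        return False
```

A pairing implementation would call the validation on every received public key and abort pairing on failure, before the key reaches the ECDH computation.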
Apple just issued patches to fix this problem, and users are advised to install macOS High Sierra 10.13.5, iOS 11.4 (disclosed on July 23), watchOS 4.3.1, and tvOS 11.4. Likewise, Intel stated that a patch for its Wireless-AC family has been released, while Google’s Chrome OS and Android will receive an update as soon as possible. Broadcom and Qualcomm also released fixes to their OEM partners, and these should be available in the coming days.