Bluetooth Vulnerability Still Being Patched

The vulnerability allows an attack by hackers within wireless range of devices.

By CBR Staff Writer

Patches continue to roll out following the discovery last week of a Bluetooth vulnerability that allows an attacker to intercept communications.

The flaw was discovered by researchers at the Israel Institute of Technology. The vulnerability in the Bluetooth protocol was assigned the identifier CVE-2018-5383.

It affects almost any device with a Bluetooth chipset and renders connections between devices vulnerable to a man-in-the-middle attack that would allow for the monitoring or manipulation of traffic – if the attacker was in radio range and transmitting while the targeted Bluetooth devices were initially pairing.

The problem arises from Bluetooth’s use of a device pairing mechanism that is based on an elliptic-curve Diffie-Hellman (ECDH) key exchange.

When two devices wish to pair with each other, they exchange their public keys, and a private key is constructed using these keys and an elliptic curve parameter.

Essentially, two Bluetooth devices create a one-off shared secret, built from parts of their public and private cryptographic keys. This is used to encrypt all communication between the devices.

However, researchers found that not all curve parameters were being checked and validated by the cryptographic algorithm implementation.

Flaw Discovered by Institute

Researchers Eli Biham and Lior Neumann at the Israel Institute of Technology commented in their disclosure of the flaw that: “As far as we know every Bluetooth chip manufactured by Intel, Broadcom or Qualcomm is affected. Therefore, almost any device, including smartphones and headsets of all types, are affected.”

“In addition, the Android Bluetooth stack (Bluedroid) is affected when using Bluetooth smart. Apple had provided patches for both MacOS and iOS. The Windows Bluetooth smart stack did not implement the latest Bluetooth smart protocol and is therefore still vulnerable to older and simpler attacks.”

“This process supplies the ground for all of the security and privacy features provided by Bluetooth. Failing to secure this process compromises the entire Bluetooth session,” they added.

This means any attacker within wireless range can insert an invalid public key into the exchange, which allows them to determine the actual key with a high success rate.

Once in, the hacker is undetected within the Bluetooth connection and can intercept and decrypt any communications from the paired devices, as well as insert or forge any malicious messages they want.

From a user’s point of view the only warning they will receive that they are being targeted is if the attack fails to insert a public key into the mix, as this would cause the connection to not be established and the user would get an authentication error.

The Bluetooth Special Interest Group (SIG), the body tasked with overseeing standards and licensing of Bluetooth technology, released a statement commenting that: “To remedy the vulnerability, the Bluetooth SIG has now updated the Bluetooth specification to require products to validate any public key received as part of public key-based security procedures.”

  • Google’s patch was included in their June 2018 update. See their June 2018 bulletin here.
  • Intel’s publication is here.
  • Apple’s publication for MacOS is here and here.
  • Apple’s publication for iOS is here.
  • Lenovo information is here.
  • Samsung information is here.
  • LG’s reference is here.
  • Huawei’s reference is here.
  • Dell’s fix is here.
