What just happened? A Bluetooth vulnerability has been discovered that could allow an attacker within proximity to intercept traffic being sent between devices. The bug affects firmware or operating system drivers of major firms, including Apple, Intel, Qualcomm, and Broadcom.
Lior Neumann and Eli Biham of the Israel Institute of Technology discovered the cryptographic vulnerability (CVE-2018-5383), which has since been shared by Intel and CERT. The bug is related to Bluetooth devices not sufficiently validating encryption parameters during connections.
“The elliptic-curve Diffie-Hellman (ECDH) key pair consists of a private and a public key, and the public keys are exchanged to produce a shared pairing key,” writes CERT. “The devices must also agree on the elliptic curve parameters being used. Previous work on the ‘Invalid Curve Attack’ showed that the ECDH parameters are not always validated before being used in computing the resulted shared key, which reduces attacker effort to obtain the private key of the device under attack if the implementation does not validate all of the parameters before computing the shared key.”
The issue affects Bluetooth's Secure Simple Pairing and Low Energy Secure Connections, allowing nearby hackers (within 30 meters) to intercept, monitor, and manipulate traffic as it passes from one device to another.
Some companies, including Apple, Broadcom, Intel, and Qualcomm have already deployed fixes. Apple fixed the bug with the release of macOS High Sierra 10.13.5, iOS 11.4, watchOS 4.3.1, and tvOS 11.4.
Microsoft said its devices aren’t affected, while researchers have been unable to say if Android, Google, or the Linux Kernel are at risk.
The Bluetooth Special Interest Group (SIG) said the official Bluetooth specifications have now been updated to require products to validate any public key received as part of public key-based security procedures. The group said: "For an attack to be successful, an attacking device would need to be within wireless range of two vulnerable Bluetooth devices that were going through a pairing procedure."
"The attacking device would need to intercept the public key exchange by blocking each transmission, sending an acknowledgment to the sending device, and then injecting the malicious packet to the receiving device within a narrow time window. If only one device had the vulnerability, the attack would not be successful."
Thankfully, there are no reported instances of the attack being used in the wild, and it’s unlikely that to pose much risk to everyday users.