A cryptographic bug in many Bluetooth firmware and operating system drivers could allow an attacker within about 30 meters to capture and decrypt data shared between Bluetooth-paired devices.
The flaw was found by Lior Neumann and Eli Biham of the Israel Institute of Technology, and flagged today by Carnegie Mellon University CERT. The flaw, which is tracked as CVE-2018-5383, has been confirmed to affect Apple, Broadcom, Intel, and Qualcomm hardware, and some Android handsets. It affects Bluetooth's Secure Simple Pairing and Low Energy Secure Connections. Fortunately for macOS users, Apple released a patch for the flaw in July.
As the CERT notification explains, the vulnerability is caused by some vendors' Bluetooth implementations not properly validating the cryptographic key exchange when Bluetooth devices are pairing. The flaw slipped into the Bluetooth key exchange implementation, which uses the elliptic-curve Diffie-Hellman (ECDH) key exchange to establish a secure connection over an insecure channel.
This may allow a nearby but remote attacker to inject a bogus public key to determine the session key during the public-private key exchange. They could then conduct a man-in-the-middle attack and "passively intercept and decrypt all device messages, and/or forge and inject malicious messages".
Although Microsoft said Windows isn't affected directly, Intel has listed numerous wireless chip modules for Windows 7, 8.1, and 10 products that are affected, as well as wireless modules for Chrome OS and Linux machines. Intel recommended that users upgrade to the latest supported driver and check with vendors on whether they have provided one in their respective updates. Dell has released a new driver for the Qualcomm driver it uses, while Lenovo's update is for the flaw in Intel software.
CERT said it is not known whether Android, Google, or the Linux kernel are affected. There is no mention of it in Google's July Android Security Bulletin or earlier bulletins.
As CERT explains, each device in an ECDH exchange has a private and a public key, and the public keys are exchanged to create a shared pairing key.
"The devices must also agree on the elliptic curve parameters being used. Previous work on the "Invalid Curve Attack" showed that the ECDH parameters are not always validated before being used in computing the resulted shared key, which reduces attacker effort to obtain the private key of the device under attack if the implementation does not validate all of the parameters before computing the shared key," writes CERT's Garret Wassermann.
Bluetooth SIG, the organization responsible for Bluetooth, downplayed the chances of a real-world attack, in part because the exploit relies on being within range of two vulnerable devices. Nonetheless, it has updated its specification to require vendors to validate any public key received during the exchange.
"For an attack to be successful, an attacking device would need to be within wireless range of two vulnerable Bluetooth devices that were going through a pairing procedure," Bluetooth SIG said.
"The attacking device would need to intercept the public key exchange by blocking each transmission, sending an acknowledgement to the sending device, and then injecting the malicious packet to the receiving device within a narrow time window. If only one device had the vulnerability, the attack would not be successful," it said.