A cryptographic bug has affected Bluetooth implementations and operating system drivers of many popular hardware vendors, including Apple, Broadcom, Intel, and Qualcomm.
As reported by BleepingComputer, the bug affects Bluetooth’s “Secure Simple Pairing” process and Bluetooth LE’s “Secure Connections”. It stems from a failure to validate encryption parameters during Bluetooth connections: pairing devices do not sufficiently validate the elliptic curve parameters used to generate public keys during the Diffie-Hellman key exchange.
Because of this bug, a remote attacker can obtain the encryption key that is used by the communicating devices and recover data.
The bug, tracked as CVE-2018-5383, was discovered by two scientists from the Israel Institute of Technology, Lior Neumann and Eli Biham.
After the discovery, CERT/CC issued a security advisory explaining the vulnerability.
While Apple, Broadcom, and Intel have confirmed that they are affected by the bug, Microsoft has denied being affected. Of the affected hardware vendors, Apple and Broadcom have already deployed fixes.
The Bluetooth Special Interest Group (SIG), which undertakes the development of Bluetooth standards, has said: “For an attack to be successful, an attacking device would need to be within wireless range of two vulnerable Bluetooth devices.” Also, “if only one device had the vulnerability, the attack would not be successful.”
According to the organization, the official Bluetooth specifications have been updated, and now all pairing devices need to validate all parameters that are used for key-based encrypted Bluetooth connections.
Fixes for CVE-2018-5383 will be available as OS or driver updates for desktops, laptops, and smartphones, while IoT devices will receive firmware updates.