New Bluetooth Bug Threatens Devices From The Major Vendors

Bluetooth, one of the primary means of connectivity and a recurring subject of controversy, has once again been found to pose a security threat to users. A new way to attack Bluetooth has been discovered.

This extremely critical cryptographic shortcoming, tracked as CVE-2018-5383, could allow an unauthorized, remote attacker who is physically near the victim to target the device and monitor, manipulate, or intercept the traffic it exchanges.

The flaw affects operating system software and firmware from major companies like Broadcom, Qualcomm, Intel, and Apple. Its effect on Google, Android, and Linux has yet to be determined.

The two Bluetooth features mainly responsible for this vulnerability are the Bluetooth Low Energy (LE) and BR/EDR implementations.

How does this hack work?

As discovered by researchers from the Israel Institute of Technology, the Bluetooth specification does not require devices that support the two features above to validate the public encryption key received during secure pairing. Because this validation is optional, the elliptic curve parameters used to generate public keys during the Diffie-Hellman key exchange may not be sufficiently validated.

When this happens, an unauthorized attacker within physical proximity of the Bluetooth exchange can intercept it and obtain the cryptographic key in a man-in-the-middle attack. This gives them access to the supposedly encrypted communication, which may lead to data theft or malware being injected into your device.

This is what the Bluetooth Special Interest Group (SIG) has to say about the matter:

"For an attack to be successful, an attacking device would need to be within wireless range of two vulnerable Bluetooth devices that were going through a pairing procedure."
"The attacking device would need to intercept the public key exchange by blocking each transmission, sending an acknowledgment to the sending device, and then injecting the malicious packet to the receiving device within a narrow time window. If only one device had the vulnerability, the attack would not be successful."

According to a security advisory released by CERT/CC regarding the matter, elliptic-curve Diffie-Hellman (ECDH) is the Bluetooth pairing mechanism that allows encrypted communication between the connecting devices by means of a private and a public key.

The elliptic curve parameters should also be agreed upon by the devices, but that is not always the case, and they are not properly validated. This lets remote attackers within range "to inject an invalid public key to determine the session key with high probability."

To Stop Bluetooth From Getting Hacked:

To address the matter, the Bluetooth SIG has now provided updated Bluetooth specifications under which the public keys are validated.

According to CERT/CC, patches are required for both firmware and operating system software drivers. These should be provided by the developers of the affected products.

Affected Vendors:

The big names affected by this flaw are Apple, Qualcomm, Intel, and Broadcom. However, Microsoft products seem to be immune to it. Google, Linux, and Android have yet to be tested and confirmed for this shortcoming.

Intel and Apple have acted promptly and released their patches. Apple, in particular, has released macOS High Sierra 10.13.5, iOS 11.4, watchOS 4.3.1, and tvOS 11.4.

Intel, on the other hand, released patches for both the firmware and the software on Monday. It has also informed users that its Tri-Band Wireless AC, Dual-Band Wireless AC, and Wireless AC product families are the vulnerable ones.

Broadcom's products that support Bluetooth 2.1 or newer technology are prone to this bug, but according to the chip maker the issue has already been fixed.

Qualcomm has remained silent on the matter.

The Bluetooth SIG denies any claims that this bug has been maliciously exploited and says there is no news of "any devices implementing the attack having been developed, including by the researchers who identified the vulnerability."

This issue is quite worrisome if you regularly communicate over Bluetooth, as you could be getting tapped without your knowledge. The silver lining, though, is that there are fixes available for whichever device you use.
