Slashdot Mirror

← Back to Stories (view on slashdot.org)

Bluetooth Security Flaw Could Let Nearby Attacker Grab Your Private Data (zdnet.com)

Posted by BeauHD on from the order-to-go dept.

A recently discovered bug in many Bluetooth firmware and OS drivers could allow an attacker within about 30 meters to capture and decrypt data shared between Bluetooth-paired devices. Researchers at the Israel Institute of Technology discovered the flaw, which was flagged today by Carnegie Mellon University CERT. It affects Bluetooth's Secure Simple Pairing and Low Energy Secure Connections. ZDNet reports: As the CERT notification explains, the vulnerability is caused by some vendors' Bluetooth implementations not properly validating the cryptographic key exchange when Bluetooth devices are pairing. The flaw slipped into the Bluetooth key exchange implementation which uses the elliptic-curve Diffie-Hellman (ECDH) key exchange to establish a secure connection over an insecure channel. This may allow a nearby but remote attacker to inject a a bogus public key to determine the session key during the public-private key exchange. They could then conduct a man-in-the-middle attack and "passively intercept and decrypt all device messages, and/or forge and inject malicious messages." Thankfully, patches are on the way. "Intel recommended users upgrade to the latest support driver and to check with vendors if they have provided one in their respective updates," reports ZDNet. "Dell has released a new driver for the Qualcomm driver it uses while Lenovo's update is for the flaw in Intel software. LG and Huawei have referenced fixes for CVE-2018-5383 in their respective July updates for mobile devices." It is not yet known if Android, Google, or the Linux kernel are affected. Apple has released a patch for the flaw earlier this month.

4 of 30 comments (clear)

  1. I'm not worried by Anonymous Coward · · Score: 2, Funny

    My BT mouse regularly loses connection with my computer sitting 1 meter away. If you can intercept it at 30 meters, you deserve to get all the private data I'm leaking ... about the position of the cursor on my screen.

  2. Already Fixed In Many Cases by WankerWeasel · · Score: 3, Informative

    Apple has already introduced a fix for the bug on its devices (in macOS High Sierra 10.13.5/10.13.6, iOS 11.4, tvOS 11.4, and watchOS 4.3.1), so iOS and Mac users do not need to worry. Intel, Broadcom, and Qualcomm have also introduced fixes, while Microsoft says its devices are not affected.

  3. This is why I don't ... by CaptainDork · · Score: 2

    ... take showers.

    --
    It little behooves the best of us to comment on the rest of us.
  4. Re:Wired by demonlapin · · Score: 2

    Um, if it's not end-to-end encrypted with some pretty serious crypto that I trust, then I don't discuss anything important on it. You want to listen to me ask my wife if we need anything from the grocery, knock yourself out (while trying to stay within range of my car). Sensitive business stuff? No.

    Besides, TFA says that this only works if you have two vulnerable devices that are undergoing pairing. There are target-rich environments out there (e.g., the rental car lot at a major airport), but that doesn't strike me as a major attack vector unless you're the victim of a highly targeted state-sponsored attack, in which case you're probably screwed anyway.