Bluetooth Security Flaw Could Let Nearby Attacker Grab Your Private Data (zdnet.com)
A recently discovered bug in many Bluetooth firmware and OS drivers could allow an attacker within about 30 meters to capture and decrypt data shared between Bluetooth-paired devices. Researchers at the Israel Institute of Technology discovered the flaw, which was flagged today by Carnegie Mellon University CERT. It affects Bluetooth's Secure Simple Pairing and Low Energy Secure Connections.

ZDNet reports: As the CERT notification explains, the vulnerability is caused by some vendors' Bluetooth implementations not validating the public key received from the peer while the devices are pairing. Both pairing modes use an elliptic-curve Diffie-Hellman (ECDH) exchange over the NIST P-192 or P-256 curve to establish a shared key over an insecure channel, and the Bluetooth specification recommended, but did not require, that a device check that the point it receives actually lies on that curve. A stack that skips the check will run its private key against whatever point an attacker in radio range substitutes on the air; with an invalid point, the resulting shared secret is computed in a small, attacker-predictable group rather than on the real curve, so the attacker can determine the session key with high probability. They could then conduct a man-in-the-middle attack and "passively intercept and decrypt all device messages, and/or forge and inject malicious messages."

Thankfully, patches are on the way. "Intel recommended users upgrade to the latest support driver and to check with vendors if they have provided one in their respective updates," reports ZDNet. "Dell has released a new driver for the Qualcomm driver it uses while Lenovo's update is for the flaw in Intel software. LG and Huawei have referenced fixes for CVE-2018-5383 in their respective July updates for mobile devices." It is not yet known whether Android, Google, or the Linux kernel are affected. Apple released a patch for the flaw earlier this month.
I'm not worried (Score:2, Funny)
My BT mouse regularly loses connection with my computer sitting 1 meter away. If you can intercept it at 30 meters, you deserve to get all the private data I'm leaking ... about the position of the cursor on my screen.
Re: (Score:2)
On the flip side of that, I have an excellent pair of LG Bluetooth earbuds which I wear constantly and use to take calls while working or otherwise occupied. Frequently my phone is 20-30 feet away charging, and they work pretty reasonably out to that range. I'd like to keep my calls private (you're welcome to listen to my Pandora stations, if you have a Vogon taste in music).
I didn't RTFA; and I barely skimmed TFS. Is there a list of known bad implementations?
Re: (Score:2)
You mean when I bounce my leg and it moves the mouse? It is troublesome with a high-DPI mouse. I end up click-dragging things more than I get click-throughs when I do it.
Re: (Score:2)
Bluesniper [smallnetbuilder.com] says thank you!
Already Fixed In Many Cases (Score:4, Informative)
Re: (Score:2)
I don't think all Mac users are running the latest versions of the operating systems on all their devices.
Re: (Score:2)
True enough. My iPad can't update to iOS 11, it's stuck on 10, which presumably won't be patched. Not that it matters to me, I only use Bluetooth for music.
Re: (Score:2)
I don't think
That much is true. Apple of course also updated 10.12 and 10.11.
This is why I don't ... (Score:3)
... take showers.
Re: (Score:2)
Currently I take a shower at least once a year whether it's needed or not. But with stuff like this coming to light, I may stretch this to once every decade. The privacy issues make me feel dirty, however.
Wired (Score:2)
Re: (Score:2)
And completely unworkable for devices such as smartwatches, etc. I'm extremely careful what data I use on connections like that, and I do wired connections where possible on my home network, but seriously. Eschewing all wireless connections on the off chance that someone nearby is going to hack you is borderline Luddite. Just be mindful of what you're doing and where.
Re: (Score:2)
yeah security is like totally Luddite
Re: (Score:2)
Re: (Score:3)
Besides, TFA says that this only works if you have two vulnerable devices that are undergoing pairing. There are target-rich environments out there (e.g., the rental car lot at a major airport), but that doesn'
"Private key"? (Score:2)
TFA and the first paragraph of the CERT advisory it quotes talk about exposing the "private key".
I'm not clear whether this is a misspeak, with the vulnerable key being the session key, or if the parameter checking failure actually jeopardizes the private key of the attacked system.
The latter is a MUCH bigger problem. If it's only the session key that may be exposed, fixing the bug is all you need (unless the attacker was able to get into a service that let him view or alter the private key of the affected d