Security Bug Communications Operating Systems Software

Bluetooth Security Flaw Could Let Nearby Attacker Grab Your Private Data (zdnet.com) 30

A recently discovered bug in many Bluetooth firmware and OS drivers could allow an attacker within about 30 meters to capture and decrypt data shared between Bluetooth-paired devices. Researchers at the Israel Institute of Technology discovered the flaw, which was flagged today by Carnegie Mellon University CERT. It affects Bluetooth's Secure Simple Pairing and Low Energy Secure Connections. ZDNet reports: As the CERT notification explains, the vulnerability is caused by some vendors' Bluetooth implementations not properly validating the cryptographic key exchange when Bluetooth devices are pairing. The flaw slipped into the Bluetooth key exchange implementation which uses the elliptic-curve Diffie-Hellman (ECDH) key exchange to establish a secure connection over an insecure channel. This may allow a nearby but remote attacker to inject a bogus public key to determine the session key during the public-private key exchange. They could then conduct a man-in-the-middle attack and "passively intercept and decrypt all device messages, and/or forge and inject malicious messages." Thankfully, patches are on the way. "Intel recommended users upgrade to the latest support driver and to check with vendors if they have provided one in their respective updates," reports ZDNet. "Dell has released a new driver for the Qualcomm driver it uses while Lenovo's update is for the flaw in Intel software. LG and Huawei have referenced fixes for CVE-2018-5383 in their respective July updates for mobile devices." It is not yet known if Android, Google, or the Linux kernel are affected. Apple has released a patch for the flaw earlier this month.
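The flaw described above comes down to a receiver using a peer's ECDH public key without checking it first. As an added illustration (not code from ZDNet, CERT or any vendor), this sketch shows that receiver-side check for NIST P-256, the curve used by LE Secure Connections; the function names and the 64-byte little-endian X||Y buffer layout are assumptions made for the example.

```python
# Added example: validate a peer's ECDH public key before using it.
# NIST P-256 domain parameters (y^2 = x^3 + A*x + B over GF(P)).
P = 2**256 - 2**224 + 2**192 + 2**96 - 1
A = P - 3
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
GX = 0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296
GY = 0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5


class InvalidPublicKey(ValueError):
    """Raised when a received public key must not be used for ECDH."""


def parse_peer_key(raw):
    """Split a 64-byte X||Y buffer into integers (layout is an assumption)."""
    if len(raw) != 64:
        raise InvalidPublicKey("expected 64 bytes, got %d" % len(raw))
    return int.from_bytes(raw[:32], "little"), int.from_bytes(raw[32:], "little")


def validate_peer_key(x, y):
    """Raise unless (x, y) is an affine point on P-256.

    P-256 has cofactor 1, so any affine point on the curve lies in the
    correct group; the point at infinity has no affine encoding.
    """
    if not (0 <= x < P and 0 <= y < P):
        raise InvalidPublicKey("coordinate outside the field")
    # Both coordinates are checked together against the curve equation.
    if (y * y - (x * x * x + A * x + B)) % P != 0:
        raise InvalidPublicKey("point is not on the curve")


def accept_pairing_key(raw):
    """Return True only if the key may be passed on to the ECDH step."""
    try:
        validate_peer_key(*parse_peer_key(raw))
        return True
    except InvalidPublicKey:
        return False


# Constructed sample inputs: the curve's base point, and the same point
# with one bit of Y changed in transit.
GOOD = GX.to_bytes(32, "little") + GY.to_bytes(32, "little")
TAMPERED = GX.to_bytes(32, "little") + (GY ^ 1).to_bytes(32, "little")

if __name__ == "__main__":
    print("genuine key accepted: ", accept_pairing_key(GOOD))
    print("tampered key accepted:", accept_pairing_key(TAMPERED))
```

A pairing implementation would abort the exchange when `accept_pairing_key` returns False instead of deriving a session key from the received point.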
This discussion has been archived. No new comments can be posted.

  • by Anonymous Coward

    My BT mouse regularly loses connection with my computer sitting 1 meter away. If you can intercept it at 30 meters, you deserve to get all the private data I'm leaking ... about the position of the cursor on my screen.

    • On the flip side of that, I have an excellent pair of LG Bluetooth earbuds which I wear constantly and use to take calls while working or otherwise occupied. Frequently my phone is 20-30 feet away charging, and they work pretty reasonably out to that range. I'd like to keep my calls private (you're welcome to listen to my Pandora stations, if you have a Vogon taste in music).

      I didn't RTFA; and I barely skimmed TFS. Is there a list of known bad implementations?

    • Bluesniper [smallnetbuilder.com] says thank you!

  • by WankerWeasel ( 875277 ) on Tuesday July 24, 2018 @06:00PM (#57003480)
    Apple has already introduced a fix for the bug on its devices (in macOS High Sierra 10.13.5/10.13.6, iOS 11.4, tvOS 11.4, and watchOS 4.3.1), so iOS and Mac users do not need to worry. Intel, Broadcom, and Qualcomm have also introduced fixes, while Microsoft says its devices are not affected.
    • I don't think all Mac users are running the latest versions of the operating systems on all their devices.

      • by anss123 ( 985305 )

        True enough. My iPad can't update to iOS 11, it's stuck on 10, which presumably won't be patched. Not that it matters to me, I only use Bluetooth for music.

      • I don't think

        That much is true. Apple of course also updated 10.12 and 10.11.

  • by CaptainDork ( 3678879 ) on Tuesday July 24, 2018 @06:18PM (#57003584)

    ... take showers.

    • Currently I take a shower at least once a year whether it's needed or not. But with stuff like this coming to light, I may stretch this to once every decade. The privacy issues make me feel dirty however.

  • is the wise option as it always was. Who would open their devices to any stranger with wireless skills?
    • And completely unworkable for devices such as smartwatches, etc. I'm extremely careful what data I use on connections like that, and I do wired connections where possible on my home network, but seriously. Eschewing all wireless connections on the off chance that someone nearby is going to hack you is borderline Luddite. Just be mindful of what you're doing and where.

    • Um, if it's not end-to-end encrypted with some pretty serious crypto that I trust, then I don't discuss anything important on it. You want to listen to me ask my wife if we need anything from the grocery, knock yourself out (while trying to stay within range of my car). Sensitive business stuff? No.

      Besides, TFA says that this only works if you have two vulnerable devices that are undergoing pairing. There are target-rich environments out there (e.g., the rental car lot at a major airport), but that doesn'
  • TFA and the first paragraph of the CERT advisory it quotes talk about exposing the "private key".

    I'm not clear whether this is a misspeak, with the vulnerable key being the session key, or if the parameter checking failure actually jeopardizes the private key of the attacked system.

    The latter is a MUCH bigger problem. If it's only the session key that may be exposed, fixing the bug is all you need (unless the attacker was able to get into a service that let him view or alter the private key of the affected d
