Another Bluetooth attack technique has come to light.
A serious cryptographic vulnerability affecting some Bluetooth implementations lets an unauthenticated remote attacker in physical proximity of targeted devices intercept, monitor or manipulate the traffic they exchange.
The flaw, tracked as CVE-2018-5383, affects firmware or operating-system software drivers from several major vendors, including Apple, Broadcom, Intel and Qualcomm. Whether Google, Android and Linux are affected is still unknown.
The vulnerability concerns two Bluetooth pairing features that rely on public-key cryptography.
Researchers at Technion, the Israel Institute of Technology, found that the Bluetooth specification recommends, but does not require, that devices supporting these two features validate the public key they receive over the air during secure pairing.
Because the check is optional, some vendors' Bluetooth products that support the two features do not sufficiently validate the elliptic curve parameters used to generate public keys during the Diffie-Hellman key exchange.
As a result, an unauthenticated remote attacker within wireless range of the targeted devices during pairing can mount a man-in-the-middle attack to obtain the cryptographic key the devices use. That lets the attacker snoop on supposedly encrypted communication, steal data sent over the air and inject malware.
CERT/CC has released a security advisory with further technical details on the vulnerability and the attack method.
According to CERT/CC, Bluetooth uses a device pairing mechanism based on elliptic-curve Diffie-Hellman (ECDH) key exchange to enable encrypted communication between devices.
An ECDH key exchange involves a private and a public key on each side; the public keys are exchanged to derive a shared pairing key.
The devices must agree on the elliptic curve parameters in use, but in some implementations those parameters are not sufficiently validated, allowing a remote attacker within wireless range to inject an invalid public key and determine the session key with high probability.
To address the problem, the Bluetooth SIG has updated the Bluetooth specification to require products to validate any public key received as part of public-key-based security procedures.
The organization has also added testing for this vulnerability to its Bluetooth Qualification Program.
CERT/CC says patches are needed in both operating-system and firmware software drivers, and should be obtained from the developers or vendors of the affected products and installed wherever available.
So far, Apple, Intel, Broadcom and Qualcomm have been found to be affected through the Bluetooth chipsets in their devices, while Google, Android and Linux have yet to confirm whether the vulnerability exists in their products. Microsoft's products are not vulnerable.
Apple and Intel have already released patches. Apple fixed the bug in macOS High Sierra 10.13.5, iOS 11.4, watchOS 4.3.1 and tvOS 11.4.
Intel released both firmware and software updates last week, warning users that the high-severity flaw affects its Tri-Band Wireless-AC, Dual Band Wireless-AC and Wireless-AC product families.
Broadcom says some of its products supporting Bluetooth 2.1 or newer may be affected by the reported issue, but the chipmaker claims it has already made fixes available to its OEM customers, who are responsible for delivering them to end users.
Qualcomm has not yet issued a statement on the vulnerability.