
A large number of Bluetooth devices and systems will be affected by encryption vulnerability CVE-2018-5383

2025-01-22 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

Security researchers recently discovered a high-risk encryption vulnerability (CVE-2018-5383) in some Bluetooth devices. It allows an unauthenticated attacker who is within physical proximity of the target device to intercept, monitor or tamper with the device's network data.

The vulnerability affects device firmware and operating system software drivers produced by large manufacturers such as Apple, Broadcom, Intel and Qualcomm. It is unclear whether the vulnerability will affect Android and Linux devices.

The vulnerability mainly affects two Bluetooth functions: the Bluetooth Low Energy (LE) implementation of Secure Connections Pairing in operating system software, and the BR/EDR implementation of Secure Simple Pairing in device firmware.

How does the Bluetooth attack work?

According to the Bluetooth Special Interest Group (SIG), the attacker's device must be within wireless range of two vulnerable devices, and the attack must be carried out while the devices are pairing. The attacking device first needs to intercept the key information exchanged by the two parties, and then inject malicious packets. If either of the two devices does not have this vulnerability, the attack will not succeed.

Researchers from the Israel Institute of Technology said that although the standardization body included relevant recommendations in the Bluetooth specification, the specification did not require devices supporting the two features to verify the public encryption key received during pairing. Because the check is not mandatory, the Bluetooth products of many manufacturers support the two functions above but do not fully verify the validity of the elliptic curve parameters used to generate the public key during the Diffie-Hellman key exchange.

In this case, the attacker can launch a man-in-the-middle attack while the target devices are pairing and obtain the encryption key they use. The attacker can then steal or tamper with the encrypted data exchanged between the devices, or even use malware to infect the target devices involved in the communication.

Devices from Apple, Broadcom, Intel and Qualcomm have all been affected.

Currently, Apple, Broadcom, Intel and Qualcomm have all found the flaw in their Bluetooth chips, but Google, Android and Linux have not yet confirmed whether the vulnerability will affect their products. Fortunately, Microsoft products will not be affected by this vulnerability.

According to Intel, the vulnerability could affect Dual Band Wireless-AC, Tri-Band Wireless-AC and other Wireless-AC products. However, Intel also said that its technicians have pushed software and hardware patches to fix the problem.

In addition to Intel, Apple has also pushed fixes to customers in the following releases: macOS High Sierra 10.13.5, iOS 11.4, watchOS 4.3.1 and tvOS 11.4.

According to an announcement issued by Broadcom, some of the company's Bluetooth 2.1-enabled products and the latest technologies may be affected by the vulnerability, but the company has developed a security patch and has pushed it to OEM customers.

This article is reproduced from: FreeBuf.COM, and the original text is compiled by FB editor Alpha_h5ck
