<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>bluetooth security Archives - Linux Windows and android Tutorials</title>
	<atom:link href="https://www.osradar.com/tag/bluetooth-security/feed/" rel="self" type="application/rss+xml" />
	<link>https://www.osradar.com</link>
	<description>tutorials and news and Security</description>
	<lastBuildDate>Wed, 25 Jul 2018 07:57:13 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=5.8.12</generator>
	<item>
		<title>Bluetooth Crypto Bug</title>
		<link>https://www.osradar.com/bluetooth-crypto-bug/</link>
					<comments>https://www.osradar.com/bluetooth-crypto-bug/#respond</comments>
		
		<dc:creator><![CDATA[osradar_editor]]></dc:creator>
		<pubDate>Wed, 25 Jul 2018 07:57:13 +0000</pubDate>
				<category><![CDATA[Featured]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[bluetooth]]></category>
		<category><![CDATA[bluetooth bug]]></category>
		<category><![CDATA[bluetooth crypto bug]]></category>
		<category><![CDATA[bluetooth cryptography]]></category>
		<category><![CDATA[bluetooth security]]></category>
		<guid isPermaLink="false">https://www.osradar.com/?p=5015</guid>

					<description><![CDATA[<p>Bluetooth is one of the most obsolete techs of today’s world, right? Of course, Bluetooth is getting updated but it hardly keeps up with the performance of Wi-Fi and other data sharing systems. Recently, Bluetooth has got another reason to become obsolete with a security bug. The bug is present in the implementation of Bluetooth [&#8230;]</p>
<p>The post <a rel="nofollow" href="https://www.osradar.com/bluetooth-crypto-bug/">Bluetooth Crypto Bug</a> appeared first on <a rel="nofollow" href="https://www.osradar.com">Linux  Windows and android  Tutorials</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>Bluetooth is one of the most obsolete technologies of today’s world, right? Of course, Bluetooth is getting updated, but it hardly keeps up with the performance of Wi-Fi and other data sharing systems. Recently, Bluetooth has got another reason to become obsolete: a security bug. The bug is present in the Bluetooth implementations and system drivers of Apple, Qualcomm, Broadcom, Intel and, most likely, other vendors as well.</p>
<p>The bug occurs because Bluetooth-capable devices don’t sufficiently validate encryption parameters while using “secured” Bluetooth connections. To be more precise, pairing devices aren’t sufficiently validating the elliptic curve parameters used for generating public keys while performing a Diffie-Hellman key exchange.</p>
<p>Thus, the result is a weak pairing that allows a remote hacker to obtain the encryption key and recover the data sent between the “securely” connected devices.</p>
<h1>Bluetooth and Bluetooth LE affected</h1>
<p>It appears that no flavor of Bluetooth is safe. Both the “Secure Simple Pairing” process of Bluetooth and the “Secure Connections” pairing process of Bluetooth LE are affected by the bug. Two scientists from the Israel Institute of Technology, Lior Neumann and Eli Biham, discovered the bug. The bug is tracked as <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5383">CVE-2018-5383</a>.</p>
<p>A security advisory recently published by CERT/CC explains the vulnerability as follows:</p>
<blockquote><p>Bluetooth utilizes a device pairing mechanism based on elliptic-curve Diffie-Hellman (ECDH) key exchange to allow encrypted communication between devices. The ECDH key pair consists of a private and a public key, and the public keys are exchanged to produce a shared pairing key. The devices must also agree on the elliptic curve parameters being used. Previous work on the &#8220;Invalid Curve Attack&#8221; showed that the ECDH parameters are not always validated before being used in computing the resulted shared key, which reduces attacker effort to obtain the private key of the device under attack if the implementation does not validate all of the parameters before computing the shared key.</p>
<p>In some implementations, the elliptic curve parameters are not all validated by the cryptographic algorithm implementation, which may allow a remote attacker within wireless range to inject an invalid public key to determine the session key with high probability. Such an attacker can then passively intercept and decrypt all device messages, and/or forge and inject malicious messages.</p></blockquote>
<h1>Big vendors affected</h1>
<p>Unfortunately, there are some big names associated with the bug. Giants like Apple, Intel, Qualcomm, and Broadcom have confirmed that their systems are vulnerable due to the bug. Intel, Apple, and Broadcom have released fixes for the bug. Qualcomm has also released necessary fixes.</p>
<p>Microsoft said that their devices are not vulnerable. CERT/CC experts were unable to determine whether Android, Google, and the Linux kernel had the bug. But it’s safe to assume that Bluetooth is not safe anymore. That&#8217;s why you should try to avoid using Bluetooth, especially while transferring confidential files.</p>
<p>However, the Bluetooth Special Interest Group (SIG), the organization overseeing the development of Bluetooth standards, has issued a statement regarding this new vulnerability. According to the statement, an attacker has to be within range of the vulnerable devices to successfully intercept the data transfer.</p>
<p>The organization has also updated the official Bluetooth specification. The requirement is now that all devices must validate all parameters used for key-based encryption with Bluetooth connections.</p>
<h1>How to stay safe</h1>
<p>There has been no report that the attack was used in the wild, but better safe than sorry, right? If your device is Bluetooth capable, you shouldn’t use it for transferring important files. For example, office documents or anything that contains any type of confidential information should not be transferred using Bluetooth. It’s safe to exchange songs and other ordinary files that don’t contain any personal info.</p>
<p>If possible, try to avoid using Bluetooth altogether. Use the sharing system only when needed.</p>
<p>Expect updates for your systems pretty soon, including desktops, laptops, smartphones and other devices.</p>
]]></content:encoded>
					
					<wfw:commentRss>https://www.osradar.com/bluetooth-crypto-bug/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
	</channel>
</rss>
