CVE-2018-5383: Encryption bug on Bluetooth affects millions of devices
Two scientists from Israel Institute of Technology, Lior Neumann and Eli Biham found that an encryption bug (CVE-2018-5383) has been confirmed to affect a variety of Bluetooth and Operating system drivers. This bug affects the related products of many hardware vendors such as Apple, Broadcom, Intel, and Qualcomm.
Image: By House (Bluetooth.com) [Public domain], via Wikimedia Commons
The reason for this bug is that Bluetooth-enabled devices cannot thoroughly verify the encryption parameters used during a “secure” Bluetooth connection. More precisely, the paired device cannot sufficiently validate the elliptic curve parameters used to generate the public key during the Diffie-Hellman key exchange.
This will result in a weak pairing problem and may allow a remote attacker to obtain the encryption key used by the device and recover the incoming and outgoing data sent between the two devices paired in the “secure” Bluetooth connection.
CERT/CC issued a security advisory on July 23, 2018, which contains the following instructions related to this vulnerability:
“Bluetooth utilizes a device pairing mechanism based on elliptic-curve Diffie-Hellman (ECDH) key exchange to allow encrypted communication between devices. The ECDH key pair consists of a private and a public key, and the public keys are exchanged to produce a shared pairing key. The devices must also agree on the elliptic curve parameters being used. Previous work on the “Invalid Curve Attack” showed that the ECDH parameters are not always validated before being used in computing the resulted shared key, which reduces attacker effort to obtain the private key of the device under attack if the implementation does not validate all of the parameters before computing the shared key.”
In some implementations, the elliptic curve parameters are not all verified by the encryption algorithm, which would allow a remote attacker in the same wireless range to inject an invalid public key to determine the session key with a high probability. After that, the attacker will be able to passively intercept and decrypt all device-to-device messages and/or forge and inject malicious messages.
CERT/CC experts are still not sure if Android, Google devices, or other Linux kernel-class solutions are affected. Microsoft said its equipment would not affect.