steven36 Posted July 25, 2018

But there's been no evidence that the vulnerability has been exploited

Bluetooth flaw exposes kit from Apple, Intel, Qualcomm and more to MITM attacks

SECURITY BOFFINS have discovered a vulnerability in Bluetooth that allows attackers to potentially intercept communications between paired devices.

The flaw, known as CVE-2018-5383, was unveiled by Lior Neumann and Eli Biham, cybersecurity researchers from the Israel Institute of Technology, who note that two Bluetooth features - Secure Simple Pairing and LE Secure Connections - are affected.

The issue stems from the fact that the Bluetooth specification recommends, but does not require, that a device supporting Secure Simple Pairing or LE Secure Connections validate the public key received over the air when pairing with a new device.

"In such cases, connections between those devices could be vulnerable to a man-in-the-middle attack that would allow for the monitoring or manipulation of traffic," Bluetooth SIG said in its advisory.

"For an attack to be successful, an attacking device would need to be within wireless range of two vulnerable Bluetooth devices that were going through a pairing procedure," the outfit added.

"The attacking device would need to intercept the public key exchange by blocking each transmission, sending an acknowledgement to the sending device, and then injecting the malicious packet to the receiving device within a narrow time window. If only one device had the vulnerability, the attack would not be successful."

A whole host of devices are affected, and Apple, Broadcom, Qualcomm and Intel are among those who have already pushed out fixes. According to Microsoft, its devices remain unaffected.

Bluetooth SIG said that it has now updated the Bluetooth specification to require products to validate any public key received as part of public key-based security procedures, adding that there is no evidence of the flaw being exploited.

"There is no evidence that the vulnerability has been exploited maliciously and the Bluetooth SIG is not aware of any devices implementing the attack having been developed, including by the researchers who identified the vulnerability," it said.

Source
tao Posted July 26, 2018

Researchers in the Technion-Israel Institute of Technology Computer Science Department and the Hiroshi Fujiwara Cyber Security Research Center at the Technion have successfully deciphered Bluetooth communication, which was previously considered a safe communication channel against breaches. This was done as part of Lior Neumann's master's thesis, supervised by Prof. Eli Biham, head of the Hiroshi Fujiwara Cyber Security Research Center.

Bluetooth technology, developed in the 1990s, quickly became a popular platform thanks to its simplicity of use. Unlike Wi-Fi, Bluetooth is not based on a network connecting several devices to one another but rather on the individual pairing of two devices (e.g. a headset and a telephone). This method allows convenient use and configuration and makes securing communication between devices easier. When using a Bluetooth headset, for example, the user must confirm the action on his phone. A connection is then established between the headset and the phone: an encrypted channel is formed between the two devices.

Over the years, Bluetooth technology has developed and expanded, and has advanced to the latest encryption technologies. For this reason, this technology was widely considered immune to attack. And thanks to its simplicity and low cost, Bluetooth technology is present in almost every technological consumer device such as wearable equipment, car speakers, smart TVs, smart clocks, keyboards, and computers. It also supports Internet connections, printers and faxes.

After a year of theoretical and experimental work, Neumann and Prof. Biham developed an offensive that exposes a vulnerability in all the latest versions of Bluetooth. According to Prof. Biham, who is considered to be one of the world's most prominent researchers in cryptography, "The technology we developed reveals the encryption key shared by the devices and allows us, or a third device, to join the conversation. We can eavesdrop on or sabotage a conversation. As long as we do not actively participate, the user has no way of knowing that there is a third party listening in."

Bluetooth device coupling uses a mathematical concept called ECC: elliptic-curve cryptography. At the moment of coupling, the Bluetooth devices use points on a mathematical structure called an elliptical curve to determine a common secret key on which encryption is based. The Technion researchers found a point with special properties located outside the curve, which allows them to determine the result of the calculation without being identified as malicious by the device. Using that point, they set the encryption key that will be used by the two coupled components.

The offensive developed by Neumann and Prof. Biham is relevant to both aspects of Bluetooth technology – the hardware (chip) and the operating system (such as Android or iOS) in both devices (the headset and phone in the case of the example above) – and threatens the newest versions of the international standard.

The Technion researchers contacted the CERT Coordination Center at Carnegie Mellon University and Bluetooth SIG and informed them of the breach they discovered. "We also contacted major international companies including Intel, Google, Apple, Qualcomm, and Broadcom, which hold most of the relevant market, and informed them about the breach and ways to fix it," said Prof. Biham. "Google defined the breach as 'severe' and distributed an update about a month ago; Apple released an update this week. Other manufacturers who heard about the breach contacted us in order to check their products."

< Here >
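The public-key check that both articles above say was only recommended, written out as an added example (it is not part of either post, the quoted articles, or any vendor's code). It assumes the P-256 curve used by LE Secure Connections and 32-byte little-endian X and Y coordinates; all function names are hypothetical.

```python
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff  # P-256 prime
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)
ORDER = "little"  # assumption: byte order of X and Y as received

def parse_and_validate(raw):
    """Parse X||Y (32 bytes each); reject anything that is not on P-256."""
    if len(raw) != 64:
        raise ValueError("expected 64 bytes (X||Y)")
    x = int.from_bytes(raw[:32], ORDER)
    y = int.from_bytes(raw[32:], ORDER)
    if x >= P or y >= P:
        raise ValueError("coordinate out of field range")
    # The check the specification only recommended: y^2 = x^3 + ax + b (mod p)
    if (y * y - (x * x * x + A * x + B)) % P != 0:
        raise ValueError("point is not on the curve")
    return x, y

def _add(p1, p2):  # affine addition; None stands for the point at infinity
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def _mul(k, pt):  # double-and-add; illustrative only, not constant-time
    acc = None
    while k:
        if k & 1:
            acc = _add(acc, pt)
        pt = _add(pt, pt)
        k >>= 1
    return acc

def public_key_bytes(priv):
    x, y = _mul(priv, G)
    return x.to_bytes(32, ORDER) + y.to_bytes(32, ORDER)

def ecdh_shared_x(priv, raw_peer):
    """Derive the shared X coordinate only after the peer key validates."""
    return _mul(priv, parse_and_validate(raw_peer))[0]
```

Because `ecdh_shared_x` cannot reach the scalar multiplication without passing `parse_and_validate`, a received key that is not on the curve ends pairing with an error instead of producing a shared secret.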
Karamjit Posted July 27, 2018

Topic Merged....Irrelevant Contents/Remarks/Posts Removed.....
straycat19 Posted July 27, 2018

It is getting to the point where announcing all these flaws in various devices has become absurd. This is for several reasons. First, the only real fix is to develop new hardware and drivers and people aren't going to run out and buy it because they either don't know about it or can't afford it. Secondly, no one is going to throw away a perfectly good laptop/desktop just because there is a very unlikely chance that a lab exercise could be done in real life on their system. Thirdly, anything made by man can be broken by man. There is nothing that can't be circumvented if a person is willing to devote the time to doing it.

If we really are so paranoid that we have to keep informing people of all the vulnerabilities of computer systems, then we should throw all our computers away and start sending letters to each other. But wait, maybe someone will steal our letter, some postal employee doesn't want to deliver it and dumps all the mail in the trash, or it just gets lost in the post office. So maybe we should just talk to each other. But wait, you might be killed walking across the street, or hit by lightning while conversing in your yard, etc. See the point? To everything there is a flaw, but it hasn't stopped mankind from existing for over 2500 years.
steven36 Posted July 27, 2018 Author

1 hour ago, straycat19 said:

It is getting to the point where announcing all these flaws in various devices has become absurd. This is for several reasons. First, the only real fix is to develop new hardware and drivers and people aren't going to run out and buy it because they either don't know about it or can't afford it. Secondly, no one is going to throw away a perfectly good laptop/desktop just because there is a very unlikely chance that a lab exercise could be done in real life on their system. Thirdly, anything made by man can be broken by man. There is nothing that can't be circumvented if a person is willing to devote the time to doing it. If we really are so paranoid that we have to keep informing people of all the vulnerabilities of computer systems, then we should throw all our computers away and start sending letters to each other. But wait, maybe someone will steal our letter, some postal employee doesn't want to deliver it and dumps all the mail in the trash, or it just gets lost in the post office. So maybe we should just talk to each other. But wait, you might be killed walking across the street, or hit by lightning while conversing in your yard, etc. See the point? To everything there is a flaw, but it hasn't stopped mankind from existing for over 2500 years.

It's even much worse with IoT. These things no one will ever update till they stop working. No one is going to go out and buy a refrigerator just to fix it; they're not even going to know they're infected, they will just be a part of a botnet till someone shuts the botnet down. It's not a computer where you can see you're infected. At least on Windows and other OSes you can patch, but a patch can actually screw you up and make you vulnerable to something else. So there is no winning. You can thank your government for all of this; if they don't patch and things they will be held liable.

Microsoft, back before they bought Giant AntiSpyware and turned it into Windows Defender, didn't even care, and they never baked that in till Windows 8. I remember updates on XP they did so they couldn't be sued for users being able to log in to pay sites with IE without putting the hacked password in, and the password crackers just turned around and made a regfile to reverse their updates and put it on their sites for you to download. And in XP, Vista and the early days of Windows 7 a lot of updates were just to kill pirates' activation, and their updates were never trusted on sites like these up till after they got KMS and phone activation with Skype. Then soon after they started messing with updates again, putting stuff to push Windows 10 and to spy on you in their updates. That's why I laugh my butt off when I see a pirate M$ fanboy.

The governments in the USA and EU suing them forced them to change the way they did things. Before XP SP2, if you logged on to the internet without installing a 3rd-party firewall before you did, you would be infected in like 20 minutes. That was before Windows XP had a firewall that would stop a virus. Nowadays the only way a real virus gets in is they have to find a back door that most likely the government put there in the 1st place. In the early XP days your built-in firewall was the backdoor; you may as well not have had any.
This topic is now archived and is closed to further replies.