Two academics from the Israel Institute of Technology, Lior Neumann and Eli Biham, have identified an encryption vulnerability in the Bluetooth firmware implementations of Apple, Broadcom, Intel, Qualcomm, and some Android smartphone makers.
Insecure Bluetooth Pairings
The encryption bug affects both the “Secure Simple Pairing" and Bluetooth Low Energy "Secure Connections" pairing processes. The vulnerability lies in the fact that the firmware implementations of the above-mentioned companies don’t properly validate the public keys of the two devices that are paired with each other.
According to CERT/CC, which recently issued an advisory on this flaw, the secure pairing process works as follows:
“Bluetooth utilizes a device pairing mechanism based on elliptic-curve Diffie-Hellman (ECDH) key exchange to allow encrypted communication between devices. The ECDH key pair consists of a private and a public key, and the public keys are exchanged to produce a shared pairing key.
The devices must also agree on the elliptic curve parameters being used. Previous work on the "Invalid Curve Attack" showed that the ECDH parameters are not always validated before being used in computing the resulted shared key, which reduces attacker effort to obtain the private key of the device under attack if the implementation does not validate all of the parameters before computing the shared key."
CERT added that without the elliptic curve validation, someone could not only decrypt and intercept the users’ messages, but they could also inject malicious messages.
Bluetooth SIG Downplays the Vulnerability
According to the Bluetooth Special Interest Group (SIG), which develops the Bluetooth standard, this bug isn’t too dangerous because an attacker would need to be present when two devices start the pairing process and could only take advantage of a narrow time window. Furthermore, if one of the devices isn’t vulnerable, then the attack will not be successful.
However, the group also said it will update the Bluetooth specification so that all parameters must be validated. This sounds like Bluetooth SIG could have required this validation of all those who implement its standard from the beginning, but for whatever reason didn’t.
The good news is that most of the companies impacted by the bug have already issued patches. Apple, Broadcom, and Intel have released patches, but it will be up to users to update their Bluetooth drivers with the new patches in order to be protected against this bug. Some laptop makers that use Qualcomm's Bluetooth chips, such as Dell, have also started to issue driver updates that include the patch.
