New Bluetooth vulnerability endangers millions of devices: install the updates now




Security researchers have discovered a vulnerability in the Bluetooth protocol that affects many chips from Apple, Broadcom, Intel and Qualcomm. The first patches for the flaw are already available.

In 2017, the BlueBorne vulnerability made the rounds; now the Bluetooth protocol is back in the spotlight because of another vulnerability. The flaw was discovered by researchers at Technion, the Technical University of Israel. Millions of devices and chips appear to be affected, including those of major manufacturers such as Apple, Broadcom, Intel and Qualcomm.

The new Bluetooth vulnerability, CVE-2018-5383, affects two features of the wireless protocol: and the Secure Connections. As the CERT explains in its vulnerability report, the Bluetooth protocol relies on the elliptic-curve Diffie-Hellman key exchange (ECDH) to encrypt both kinds of connection. Until now, however, various ECDH parameters have not been sufficiently validated before a shared key is agreed upon. This leaves the encryption vulnerable to man-in-the-middle attacks. For such an attack, however, the attacker must be within Bluetooth range of the victim while the victim establishes one of these connections.
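The validation step that the CERT report describes as missing, checking the peer's ECDH public key before a shared key is derived, looks like this as an added example (not code from this article, the CERT or any vendor). It assumes the NIST P-256 curve and, for illustration only, a 64-byte big-endian X||Y key encoding; the function names and sample keys are constructed for this example.

```python
# NIST P-256 domain parameters (FIPS 186-4): y^2 = x^3 + A*x + B (mod P).
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
# Base point G, used below only as a known-valid sample public key.
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5


def validate_peer_public_key(raw):
    """Return (x, y) if raw encodes a valid P-256 point, else raise ValueError.

    Assumed encoding (this example only): 32-byte big-endian X, then Y.
    """
    if len(raw) != 64:
        raise ValueError("public key must be exactly 64 bytes")
    x = int.from_bytes(raw[:32], "big")
    y = int.from_bytes(raw[32:], "big")
    # Both coordinates must be reduced field elements.
    if x >= P or y >= P:
        raise ValueError("coordinate out of range")
    # Check X and Y together against the curve equation. Validating only
    # one coordinate is not enough. P-256 has cofactor 1, so an on-curve
    # point is automatically in the correct group.
    if (y * y - (x * x * x + A * x + B)) % P != 0:
        raise ValueError("point is not on P-256")
    return x, y


def is_acceptable(raw):
    """True only if the key may be passed on to the ECDH computation."""
    try:
        validate_peer_public_key(raw)
        return True
    except ValueError:
        return False


def encode(x, y):
    return x.to_bytes(32, "big") + y.to_bytes(32, "big")


# Constructed sample inputs (not captured from real devices).
GOOD_KEY = encode(GX, GY)
TAMPERED_KEY = encode(GX, GY ^ 1)   # one bit of Y altered in transit
OUT_OF_RANGE_KEY = encode(P, GY)    # X is not a reduced field element

if __name__ == "__main__":
    for name in ("GOOD_KEY", "TAMPERED_KEY", "OUT_OF_RANGE_KEY"):
        print(name, is_acceptable(globals()[name]))
```

A pairing implementation should abort the connection attempt when this check fails rather than continue with the unvalidated key.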

Driver updates close the gap

The Bluetooth SIG, the organization behind Bluetooth, has already responded and updated the Bluetooth protocol. In addition, various manufacturers have already released or announced firmware and driver updates. Apple, for example, already closed the gap on July 9 with security updates for iOS 11.4, watchOS 4.3.1, tvOS 11.4 and macOS 10.13.5 High Sierra. Intel has also provided updates, according to its advisory INTEL-SA-00128.

There are no updates from Broadcom and Qualcomm, according to the CERT. Microsoft is not affected, according to the CERT. The vulnerability status of Android, Linux and other major hardware manufacturers is unclear. Further statements from Google, Samsung and others are likely to follow shortly.
