With a number of security patches published and others in progress, details have been made public about a Bluetooth bug that potentially allows miscreants to commandeer nearby devices.
A Carnegie Mellon CERT vulnerability advisory describes the defect: firmware or operating system drivers skip a vital check during a Diffie-Hellman key exchange between devices.
The impact: a nearby eavesdropper could "intercept and decipher and/or forge and inject messages" carried over Bluetooth Low Energy and Bluetooth Basic Rate/Enhanced Data Rate (BR/EDR) wireless connections between gizmos.
In other words, an attacker can spy on supposedly encrypted communications between two devices to steal their live information and inject malicious commands. To do this, the attacker must be within radio range and transmitting while the gadgets are pairing.
Curveball
The security flaw lies in implementations of pairing that use Diffie-Hellman key exchanges. During pairing, both devices are meant to create a shared secret key based on an exchange of their public keys, and during this process, both ends of the conversation agree on the elliptic curve parameters that they use.
Vulnerable implementations don't validate all parameters of the elliptic curve, which allows an attacker "to inject an invalid public key to determine the session key with a high probability," says the CERT note. "Such an attacker can then passively intercept and decrypt all messages from the device, and/or forge and inject malicious messages."
This security gap affects devices that use Secure Simple Pairing and LE Secure Connections. The Bluetooth Special Interest Group, which oversees the communication protocol's standards, said it would update its specifications to prevent clumsy implementations:
So far, vendors with affected Bluetooth chipsets include Apple, Broadcom, Intel and Qualcomm. The status of Android is confusing: although the bug does not appear in the operating system project's July monthly bulletin, phone and tablet manufacturers such as LG and Huawei indicate that it has been fixed in the July update. Microsoft has declared itself unaffected.
The CERT note indicates that patches are needed in both software and firmware, which should be obtained from manufacturers and developers, and installed, if possible. We're guessing that for random small Bluetooth gadgets it will not be very easy to get an update from the suppliers, although you should have more luck with bigger-brand equipment.
So, make sure you have been patched through the usual software update mechanisms, or just watch out for nearby snoops, and be prepared to thwart them, when pairing devices. Manufacturers were warned in January, it seems, so they have had plenty of time to work on solutions.
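The missing check described above, as an added example (not code from the CERT note or any vendor): it confirms that a received public key is a point on the agreed curve before the key is used. The curve (NIST P-256) and the 64-byte little-endian X||Y key layout are assumptions, and the sample keys are constructed.

```python
# Added example: validate a peer's ECDH public key before deriving a secret.
# Assumption: NIST P-256, y^2 = x^3 + a*x + b (mod p). The curve has
# cofactor 1, so an on-curve check is sufficient to reject invalid points.
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
# Standard P-256 base point, used here only as a known-valid sample key.
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5


class InvalidPublicKey(ValueError):
    """Raised when a peer key must be rejected and pairing aborted."""


def is_on_curve(x, y):
    # Both coordinates must be reduced field elements: checking X alone
    # is not enough, Y has to satisfy the curve equation as well.
    if not (0 <= x < P and 0 <= y < P):
        return False
    return (y * y - (x * x * x + A * x + B)) % P == 0


def parse_peer_key(raw):
    """Decode a 64-byte X||Y key (assumed layout) and validate it."""
    if len(raw) != 64:
        raise InvalidPublicKey("expected 64 bytes of key material")
    x = int.from_bytes(raw[:32], "little")
    y = int.from_bytes(raw[32:], "little")
    if not is_on_curve(x, y):
        raise InvalidPublicKey("point is not on the curve")
    return x, y


def pairing_accepts(raw):
    # Hypothetical pairing hook: only a validated key may reach ECDH.
    try:
        parse_peer_key(raw)
        return True
    except InvalidPublicKey:
        return False


def encode_key(x, y):
    return x.to_bytes(32, "little") + y.to_bytes(32, "little")


# Constructed samples: a valid key, and the same X with an altered Y.
GOOD_KEY = encode_key(GX, GY)
BAD_KEY = encode_key(GX, (GY + 1) % P)
```
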
Indeed, silicon vendor patches for CVE-2018-5383 are already being deployed among leading gadget and device manufacturers. updated in the last month.
Linux versions prior to 3.19 do not support Bluetooth LE Secure Connections and are therefore not vulnerable, we are told. ®