Highly critical Bluetooth vulnerability affects millions of devices from major vendors

Details: Written by Sowmya Soundar

A highly critical vulnerability in Bluetooth implementation indexed as CVE-2018-5383, is exploited in the wild by potential attackers to intercept, oversee or manipulate the traffic the victims exchange through them. This flaw is due to improper validation of elliptic curve parameters that are used in generating the public keys in Diffie-Hellman key exchange and thereby allowing the attacker to obtain the encryption key that is used by the device.

Bluetooth utilizes the device pairing mechanism based on Elliptic Curve Diffie Hellman (ECDH) key exchange to allow secure communication between the devices. The ECDH key pair consists of a private and a public key, and the public keys are exchanged to produce a shared pairing key. The devices must also agree on the elliptic curve parameters being used. In some implementations, the elliptic curve parameters are not validated by the cryptographic algorithm implementation, which may allow a remote attacker within wireless range to inject an invalid public key to determine the session key with high probability. Such an attacker can then passively intercept and decrypt all device messages, and/or forge and inject malicious messages.

Both Bluetooth low energy (LE) implementations of Secure Connections Pairing in the operating system and Base Rate/ Enhanced Data Rate (BR/EDR) implementations of Secure Simple Pairing in device firmware are affected.