Bluetooth exploits are nothing new, but they still pose real risks to vulnerable devices. A newly disclosed vulnerability, tracked as CVE-2018-5383, is a highly critical cryptographic flaw. Discovered by researchers at the Israel Institute of Technology, it concerns the Secure Simple Pairing and LE Secure Connections features.
Details about CVE-2018-5383 Bluetooth Vulnerability
The vulnerability could enable an unauthenticated, remote attacker in physical proximity to targets to intercept, monitor or manipulate their traffic. CVE-2018-5383 affects firmware from major vendors like Apple, Broadcom, Intel and Qualcomm.
The researchers found that the Bluetooth specification recommends, but does not require, that a device supporting the Secure Simple Pairing or LE Secure Connections features validate the public key received over the air when pairing with a new device. Some vendors may therefore have shipped Bluetooth products that support those features but do not perform public key validation during the pairing procedure.
Where that validation is missing, connections between such devices could be vulnerable to a man-in-the-middle attack allowing the monitoring or manipulation of traffic, the researchers added. A successful exploit requires the attacking device to be within wireless range of two vulnerable Bluetooth devices while they go through the pairing process.
Furthermore, “the attacking device would need to intercept the public key exchange by blocking each transmission, sending an acknowledgement to the sending device, and then injecting the malicious packet to the receiving device within a narrow time window”. An attack is not possible if only one of the two devices is affected by CVE-2018-5383.
Is there any mitigation?
According to the Bluetooth Special Interest Group (SIG) that maintains and improves the technology, there is. The group has updated the Bluetooth specification to require products to validate any public key received as part of public key-based security procedures.
In addition:
There is no evidence that the vulnerability has been exploited maliciously and the Bluetooth SIG is not aware of any devices implementing the attack having been developed, including by the researchers who identified the vulnerability. The Bluetooth SIG is also broadly communicating details on this vulnerability and its remedy to our member companies, and is encouraging them to rapidly integrate any necessary patches.
Bluetooth users should install the latest recommended updates released by device and OS manufacturers.
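The receive-side check the updated specification now requires, as an added example that is not code from the article, the researchers or the Bluetooth SIG; it assumes the NIST P-256 curve used by LE Secure Connections and a 64-byte little-endian X||Y layout for the pairing public key payload:

```python
# Added example: not code from the article, the researchers or the Bluetooth
# SIG. It shows the receive-side validation of a peer's ECDH public key that
# the updated specification now mandates before the key is used.
# Assumptions: the NIST P-256 curve (used by LE Secure Connections) and a
# 64-byte X||Y little-endian layout for the pairing public key payload.

P256_P = 2**256 - 2**224 + 2**192 + 2**96 - 1   # field prime
P256_A = P256_P - 3                               # curve coefficient a
P256_B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
# Generator point, used here only as a known-good sample public key.
P256_GX = 0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296
P256_GY = 0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5


def validate_p256_public_key(x: int, y: int) -> bool:
    """Partial public key validation in the style of NIST SP 800-56A.

    Sufficient for P-256 because its cofactor is 1: every point on the curve
    lies in the prime-order subgroup, so no multiplication by the group
    order is needed. Checks:
      1. both coordinates are in [0, p-1];
      2. the point satisfies y^2 == x^3 + a*x + b (mod p).
    Because b != 0, (0, 0) fails check 2, and the point at infinity has no
    affine encoding, so neither can pass.
    """
    if not (0 <= x < P256_P and 0 <= y < P256_P):
        return False
    lhs = (y * y) % P256_P
    rhs = (pow(x, 3, P256_P) + P256_A * x + P256_B) % P256_P
    return lhs == rhs


def validate_pairing_public_key_pdu(payload: bytes) -> bool:
    """Validate a 64-byte public key payload received during pairing.

    Assumed layout: 32-byte X then 32-byte Y, each little-endian. A pairing
    implementation should abort the procedure when this returns False rather
    than feed the point into ECDH; skipping this step is the CVE-2018-5383
    condition.
    """
    if len(payload) != 64:
        return False
    x = int.from_bytes(payload[:32], "little")
    y = int.from_bytes(payload[32:], "little")
    return validate_p256_public_key(x, y)


def sample_payload(x: int, y: int) -> bytes:
    """Encode a point in the assumed layout (constructed test input only)."""
    return x.to_bytes(32, "little") + y.to_bytes(32, "little")
```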
Apple and Intel have already released patches addressing CVE-2018-5383. Apple fixed the vulnerability in macOS High Sierra 10.13.5, iOS 11.4, watchOS 4.3.1, and tvOS 11.4.
As for Intel, the company released both software and firmware updates and warned users that the bug affects its Dual Band Wireless-AC, Tri-Band Wireless-AC, and Wireless-AC product families. Broadcom products that support Bluetooth 2.1 or newer may also be affected. The company says it has already prepared fixes for its OEM customers, who now need to deliver them to end users.