
CVE-2018-5383 Bluetooth Vulnerability Impacts Apple, Intel

Bluetooth exploits are nothing new on the hacking horizon, but they can pose security risks to vulnerable devices. A new vulnerability, identified as CVE-2018-5383, fits the description of a great threat as it is a highly critical cryptographic flaw. The flaw, discovered by researchers at the Israel Institute of Technology, is related to the Secure Simple Pairing and LE Secure Connections features, security researchers reported.




Details about CVE-2018-5383 Bluetooth Vulnerability

The vulnerability could enable an unauthenticated, remote attacker in physical proximity to targets to intercept, monitor or manipulate their traffic. CVE-2018-5383 affects firmware from major vendors like Apple, Broadcom, Intel and Qualcomm.

The researchers identified that the Bluetooth specification recommends, but does not require, that a device supporting the Secure Simple Pairing or LE Secure Connections features validate the public key received over the air when pairing with a new device. It is possible that some vendors may have developed Bluetooth products that support those features but do not perform public key validation during the pairing procedure.

If a vendor supports those features, connections between those devices could be vulnerable to a man-in-the-middle attack that would allow for the monitoring or manipulation of traffic, the researchers added. A successful exploit requires the attacking device to be within wireless range of two vulnerable Bluetooth devices going through a pairing process.

In addition, “the attacking device would need to intercept the public key exchange by blocking each transmission, sending an acknowledgement to the sending device, and then injecting the malicious packet to the receiving device within a narrow time window”. An attack is not possible if only one device is vulnerable to CVE-2018-5383.
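The public key validation that the specification recommended but did not require can be sketched as follows. This is an added example, not code from the researchers, the Bluetooth SIG or any vendor; it assumes the NIST P-256 curve used by LE Secure Connections and a 64-byte little-endian X || Y key encoding, and the function names are hypothetical.

```python
# Added example: NIST P-256 domain parameters (curve assumed for the pairing key).
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5


class InvalidPeerKey(ValueError):
    """Raised when a received pairing public key must be rejected."""


def on_curve(x, y):
    """True if (x, y) satisfies y^2 = x^3 + ax + b over GF(p)."""
    return (y * y - (x * x * x + A * x + B)) % P == 0


def parse_peer_key(raw):
    """Decode X || Y (32 bytes each) and validate before any ECDH use.

    Assumption of this example: coordinates are little-endian.
    """
    if len(raw) != 64:
        raise InvalidPeerKey("expected 64 bytes of key material")
    x = int.from_bytes(raw[:32], "little")
    y = int.from_bytes(raw[32:], "little")
    if x >= P or y >= P:
        raise InvalidPeerKey("coordinate not reduced modulo p")
    if not on_curve(x, y):
        raise InvalidPeerKey("point is not on P-256")
    # P-256 has cofactor 1, so an on-curve affine point is in the right group.
    return x, y


def accept_pairing_key(raw):
    """Hypothetical pairing hook: False means abort pairing, derive no DH key."""
    try:
        parse_peer_key(raw)
        return True
    except InvalidPeerKey:
        return False


def encode(x, y):
    """Build the 64-byte encoding used above (for constructed test inputs)."""
    return x.to_bytes(32, "little") + y.to_bytes(32, "little")
```

The check runs on every received key, before the shared secret is computed, so a key that fails it never reaches the key-derivation step.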


Is there any mitigation?

According to the Bluetooth Special Interest Group (SIG) that maintains and improves the technology, yes, there is. The group has updated the Bluetooth specification to require products to validate any public key received as part of public key-based security procedures.

Furthermore:

There is no evidence that the vulnerability has been exploited maliciously and the Bluetooth SIG is not aware of any devices implementing the attack having been developed, including by the researchers who identified the vulnerability. The Bluetooth SIG is also broadly communicating details on this vulnerability and its remedy to our member companies, and is encouraging them to rapidly integrate any necessary patches.

Bluetooth users should install the latest recommended updates released by device and OS manufacturers.

That said, Apple and Intel have already released patches addressing CVE-2018-5383. Apple has patched the vulnerability with the release of macOS High Sierra 10.13.5, iOS 11.4, watchOS 4.3.1, and tvOS 11.4.

As for Intel, the company released both software and firmware updates, and also warned users that the bug affects the company’s Dual Band Wireless-AC, Tri-Band Wireless-AC, and Wireless-AC product families. Broadcom products that support Bluetooth 2.1 or newer may also be impacted by the flaw. Nonetheless, the company says it has already prepared fixes for its OEM customers, who now need to deliver them to the end-users.

Milena Dimitrova
