Big bad Bluetooth blunder bug battered – check for security fixes
Crypto cockup lets middle-people spy on connections after snooping on device pairing
With a bunch of security fixes released and more on the way, details have been made public of a Bluetooth bug that potentially allows miscreants to commandeer nearby devices.
This Carnegie-Mellon CERT vulnerability advisory on Monday laid out the cryptographic flaw: firmware or operating system drivers skip a vital check during a Diffie-Hellman key exchange between devices.
The impact: a nearby eavesdropper could “intercept and decrypt and/or forge and inject device messages” carried over Bluetooth Low Energy and Bluetooth Basic Rate/Enhanced Data Rate (BR/EDR) wireless connections between gizmos.
In other words, you can potentially snoop on supposedly encrypted communications between two devices to steal their info going over the air, and inject malicious commands. To pull this off, you must have been within radio range and transmitting while the gadgets were initially pairing.
The security weakness crept into pairing implementations that use Diffie-Hellman key exchanges. During pairing, the two devices are meant to create a shared secret key based on an exchange of their public keys, and during that process, the two ends of the conversation agree on the elliptic curve parameters they use.
Some implementations don't validate all the elliptic curve parameters, and that lets an attacker “inject an invalid public key to determine the session key with high probability,” the CERT note explained. “Such an attacker can then passively intercept and decrypt all device messages, and/or forge and inject malicious messages.”
This security shortcoming affects devices that use Secure Simple Pairing and LE Secure Connections. The Bluetooth Special Interest Group, which oversees the communication protocol's standards, said it will update its specifications to prevent goofy implementations:
Researchers at the Israel Institute of Technology identified a security vulnerability in two related Bluetooth features: Secure Simple Pairing and LE Secure Connections.
The researchers identified that the Bluetooth specification recommends, but does not require, that a device supporting the Secure Simple Pairing or LE Secure Connections features validate the public key received over the air when pairing with a new device.
It is possible that some vendors may have developed Bluetooth products that support those features but do not perform public key validation during the pairing procedure. In such cases, connections between those devices could be vulnerable to a man-in-the-middle attack that would allow for the monitoring or manipulation of traffic.
The bug's status in Android is confusing: while it doesn't appear in the operating system project's July monthly bulletin, phone and tablet manufacturers like LG and Huawei list the bug as being patched in the, er, July security update. Microsoft has declared itself in the clear.
The CERT note says fixes are needed both in software and firmware, which should be obtained from manufacturers and developers, and installed – if at all possible. We're guessing for random small-time Bluetooth gizmos, it won't be very easy to prise an update out of the vendors, although you should have better luck with bigger brand gear.
So, make sure you're patched via the usual software update mechanisms, or just look out for nearby snoops, and be ready to thwart them, when pairing devices. Manufacturers were warned in January, it appears, so have had plenty of time to work on solutions.
Linux versions prior to 3.19 don't support Bluetooth LE Secure Connections and are therefore not vulnerable, we're told. ®