Researchers at the Israel Institute of Technology have discovered a flaw in Bluetooth technology, tracked as CVE-2018-5383. The vulnerability is reported to affect Apple, Qualcomm, Intel and some Android smartphones. The CERT report from Carnegie Mellon University notes that the flaw mainly affects Secure Simple Pairing and Bluetooth Low Energy (BLE) Secure Connections. They explain the flaw by the companies' firmware failing to correctly validate the cryptographic keys when two devices pair. The vulnerability therefore lies "within the mechanism that secures key exchanges, called ECDH or Elliptic Curve Diffie-Hellman".
With this flaw, attackers could intervene during the key exchange by injecting a bogus public key of their own from within a radius of 30 meters. However, this type of attack, known as a "man in the middle" attack, remains difficult to carry out according to the Bluetooth SIG, the group responsible for Bluetooth certification. The SIG points out a few caveats: the attacker would have to be within 30 meters during the exchange (which lasts only a few seconds), and both devices would have to be vulnerable. Following these explanations, the Bluetooth SIG also updated the Bluetooth specifications "by requiring firmware providers to validate all public keys received during an exchange". Manufacturers have also been responsive: Apple, Qualcomm and Broadcom have updated their Bluetooth modules, and LG and Huawei have released a security update for owners of their devices.
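What "validating all public keys received during an exchange" means in practice, as an added example that is not code from the article, CERT/CC or the Bluetooth SIG: a small ECDH implementation over the NIST P-256 curve (the curve Bluetooth Secure Connections use; the domain parameters below are the standard published values) in which the receiving side refuses any peer public key that is not a point on the curve before multiplying its private scalar into it. The invalid key used in the demo is a constructed sample, not a value from any real pairing.

```python
"""
Added example: full public-key validation for a P-256 ECDH exchange.
Not code from the article or from any vendor's Bluetooth stack.
"""
import secrets

# NIST P-256: y^2 = x^3 + A*x + B (mod P), cofactor 1, generator G of prime order N
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)
INF = None  # the point at infinity (group identity)


def point_add(p1, p2):
    """Affine point addition; also handles doubling and inverse points."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:          # p2 == -p1
            return INF
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P   # tangent slope
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P          # chord slope
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def scalar_mult(k, pt):
    """Double-and-add scalar multiplication (not constant-time; illustration only)."""
    result, addend = INF, pt
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def validate_public_key(pt):
    """Validation a pairing stack must run on a peer's key before using it.
    True only if pt is a finite point with in-range coordinates that satisfies
    the curve equation (the check the affected firmware did not perform) and
    has order N."""
    if pt is INF:
        return False
    x, y = pt
    if not (0 <= x < P and 0 <= y < P):
        return False
    if (y * y - (x * x * x + A * x + B)) % P != 0:
        return False
    # Always true for an on-curve point of a cofactor-1 curve; cheap insurance.
    return scalar_mult(N, pt) is INF


def keygen():
    """Random private scalar d in [1, N-1] and the public point d*G."""
    d = secrets.randbelow(N - 1) + 1
    return d, scalar_mult(d, G)


def ecdh_shared(d, peer_pub):
    """Shared secret (x-coordinate of d*peer_pub); rejects any invalid peer key."""
    if not validate_public_key(peer_pub):
        raise ValueError("rejecting ECDH public key: not a valid P-256 point")
    return scalar_mult(d, peer_pub)[0]


if __name__ == "__main__":
    da, qa = keygen()
    db, qb = keygen()
    assert ecdh_shared(da, qb) == ecdh_shared(db, qa)
    print("legitimate exchange: both sides derive the same shared secret")

    # Constructed invalid key: y does not satisfy the curve equation for this x.
    bogus = (G[0], (G[1] + 1) % P)
    try:
        ecdh_shared(da, bogus)
    except ValueError as err:
        print("invalid key rejected:", err)
```

The order of operations is the point: `ecdh_shared` validates before it multiplies, so a key that is not on the curve never reaches the scalar multiplication, which is the behaviour the SIG's specification change now requires of firmware.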