A new critical vulnerability has surfaced that affects some Bluetooth implementations from major vendors, including Apple, Broadcom, Intel, and Qualcomm. The vulnerability (CVE-2018-5383) affects the firmware of some Bluetooth devices and could allow a remote attacker within physical range of the targeted devices to monitor, intercept, and manipulate the traffic they exchange. According to the researchers, the two affected Bluetooth features are “Bluetooth low energy (LE) implementations of Secure Connections Pairing in operating system software, and BR/EDR implementations of Secure Simple Pairing in device firmware.”

The Bluetooth specification recommends, but does not mandate, that devices supporting these two features validate the public encryption key received over the air during secure pairing. Because that validation is optional, some vendors’ Bluetooth products that support these features do not validate the elliptic curve parameters of the public key used during the Diffie-Hellman key exchange. As a result, a remote attacker within range of the targeted devices during the pairing process could carry out a man-in-the-middle attack.

As noted above, Apple, Broadcom, Intel, and Qualcomm products have been found to be affected by the vulnerability, while Google, Android, and Linux have yet to confirm whether their products are vulnerable. Apple, Intel, and Broadcom have released patches for the vulnerability; Qualcomm has yet to release a statement.
By Akshay Rohatgi and Randy Pargman

About this Student Research Project

Binary Defense’s mission is