
Bluetooth Vulnerability Allows Hackers To Access Devices 

By Chris Forte | Published July 31, 2018, updated June 3rd, 2022 | Cybersecurity

There’s a new Bluetooth security vulnerability to be aware of, tracked as CVE-2018-5383, and it’s a nasty one.

It’s a cryptographic vulnerability that affects firmware or operating system software drivers from a number of major vendors, including Qualcomm, Broadcom, Intel and Apple. At this point, the implications of the bug for Linux, Android and Google are unknown.

The flaw is related to two important Bluetooth features: Secure Simple Pairing in BR/EDR device firmware, and Secure Connections pairing for Bluetooth Low Energy (BLE) in operating system software.

It was discovered by researchers at the Israel Institute of Technology (Technion). They found that the Bluetooth specification recommends, but critically does not mandate, that devices supporting these two features validate the public key received from the peer during secure pairing.

Since the specification makes this validation optional, it’s hardly a surprise that some vendors producing Bluetooth products do not take sufficient steps to validate the parameters used to generate public keys during the exchange.

This gives a would-be attacker the opportunity to execute a man-in-the-middle attack during pairing and obtain the cryptographic key used by the device. With that key, they could not only spy on the device’s owner but also inject malware that could allow them to take full control of the device.

The Bluetooth SIG (the Bluetooth Special Interest Group, which maintains the technology) had this to say about the flaw:

“For an attack to be successful, an attacking device would need to be within wireless range of two vulnerable Bluetooth devices that were going through a pairing procedure.

The attacking device would need to intercept the public key exchange by blocking each transmission, sending an acknowledgement to the sending device, and then injecting the malicious packet to the receiving device within a narrow time window. If only one device had the vulnerability, the attack would not be successful.”

The Bluetooth SIG has now updated the specification to require products to validate public keys received as part of the public key-based security procedures. Of the manufacturers mentioned above, Apple and Intel have both released patches. Broadcom has made fixes available to its OEM customers, who are responsible for providing them to end users. There has been no word yet from Qualcomm.
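To make the missing check concrete, here is an added example (written for this article, not code from the Bluetooth SIG or any of the vendors named) of the receiver-side public-key validation the updated specification now requires. Bluetooth Secure Simple Pairing and Secure Connections perform an ECDH exchange on the NIST P-256 curve (older BR/EDR devices may use P-192), so the block uses the standard P-256 domain parameters; the function names, the sample peer keys and the deliberately invalid point are constructed for the demonstration. A device that skips the check accepts any (x, y) pair a peer sends; a device that performs it aborts pairing instead.

```python
# Added example: full public-key validation for a received P-256 point,
# modelled on the check Bluetooth now mandates during pairing.
# Names (is_valid_p256_public_key, receive_peer_public_key, scalar_mult)
# and the sample inputs below are constructed for this demonstration.

# Standard NIST P-256 domain parameters (prime field, curve y^2 = x^3 + ax + b).
P256_P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
P256_A = P256_P - 3
P256_B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
P256_N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
P256_GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
P256_GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5


def is_valid_p256_public_key(x, y):
    """Return True only if (x, y) is a legitimate affine point on P-256.

    A peer that omits this step will run ECDH with whatever coordinates it
    was sent, including points that are not on the curve at all, which is
    the weakness behind CVE-2018-5383.
    """
    # 1. Both coordinates must be field elements in the range [0, p-1].
    if not (0 <= x < P256_P and 0 <= y < P256_P):
        return False
    # 2. The point must satisfy the curve equation modulo p.
    if (y * y - (x * x * x + P256_A * x + P256_B)) % P256_P != 0:
        return False
    # 3. An affine (x, y) pair can never encode the point at infinity, and
    #    P-256 has cofactor 1, so no extra small-subgroup check is needed.
    return True


# --- minimal affine point arithmetic, used only to produce honest keys ---

def _point_add(p1, p2):
    """Add two points; None represents the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P256_P == 0:
        return None  # P + (-P) is the identity
    if p1 == p2:
        lam = (3 * x1 * x1 + P256_A) * pow(2 * y1, -1, P256_P) % P256_P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P256_P) % P256_P
    x3 = (lam * lam - x1 - x2) % P256_P
    y3 = (lam * (x1 - x3) - y1) % P256_P
    return (x3, y3)


def scalar_mult(k, point=(P256_GX, P256_GY)):
    """Double-and-add k * point (not constant-time; demonstration only)."""
    result = None
    addend = point
    while k:
        if k & 1:
            result = _point_add(result, addend)
        addend = _point_add(addend, addend)
        k >>= 1
    return result


def receive_peer_public_key(x, y):
    """Model of the pairing step: accept the peer's key only if it validates.

    Returns the point to use for ECDH, or None to abort the pairing.
    """
    if not is_valid_p256_public_key(x, y):
        return None
    return (x, y)


if __name__ == "__main__":
    honest = scalar_mult(123456789)             # constructed honest peer key
    off_curve = (P256_GX, P256_GY + 1)          # constructed point not on the curve
    print("honest key accepted:   ", receive_peer_public_key(*honest) is not None)
    print("off-curve key accepted:", receive_peer_public_key(*off_curve) is not None)
```

The three checks (range, curve equation, identity/subgroup) together are what "validating the public key" means in practice; real stacks perform them in the controller or host before the DHKey is derived, and the pairing is aborted on failure rather than continued with a degraded key.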

Chris Forte

Chris Forte, President and CEO of Olmec Systems, has been in the MSP workspace for the past 25 years. Chris earned his Master’s Degree from West Virginia University, graduating Magna Cum Laude. He was a past member of the Entrepreneurs’ Organization, a current member of the New Jersey Power Partners and Executive Association of New Jersey, where he has previously served on its board of directors. In his spare time, Chris enjoys traveling with his family. He also admits to being a struggling golfer and avid watcher of college football and basketball. He currently lives in Boonton Township, NJ with his wife, two daughters, son, and black lab Luna.