Bluetooth vulnerability could allow an attacker intercept data2018-07-24 14:37 by Daniela
A cryptographic bug in many Bluetooth firmware and operating system drivers could allow an attacker within about 30 meters to capture and decrypt data shared between Bluetooth-paired devices.
In other words, you can potentially snoop on supposedly encrypted communications between two devices to steal their info going over the air, and inject malicious commands. To pull this off, you must have been within radio range and transmitting while the gadgets were pairing.
Devices containing Bluetooth from a range of vendors—including Apple, Intel, Broadcom and Qualcomm—are all affected.
As the CERT notification explains, the vulnerability is caused by some vendors' Bluetooth implementations not properly validating the cryptographic key exchange when Bluetooth devices are pairing. The flaw slipped into the Bluetooth key exchange implementation which uses the elliptic-curve Diffie-Hellman (ECDH) key exchange to establish a secure connection over an insecure channel.
The CERT note says fixes are needed both in software and firmware, which should be obtained from manufacturers and developers, and installed – if at all possible.
Read more -here-