Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2018.2133
Bluetooth implementations may not sufficiently validate elliptic curve
parameters during Diffie-Hellman key exchange
24 July 2018
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Bluetooth devices
Publisher: CERT
Operating System: UNIX variants (UNIX, Linux, OSX)
Apple iOS
Android
Firmware
Impact/Access: Access Privileged Data -- Remote with User Interaction
Provide Misleading Information -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2018-5383
Reference: ESB-2018.1987.2
Original Bulletin:
https://www.kb.cert.org/vuls/id/304725
- --------------------------BEGIN INCLUDED TEXT--------------------
Vulnerability Note VU#304725
Bluetooth implementations may not sufficiently validate elliptic curve
parameters during Diffie-Hellman key exchange
Original Release date: 23 Jul 2018 | Last revised: 23 Jul 2018
Overview
Bluetooth firmware or operating system software drivers may not sufficiently
validate elliptic curve parameters used to generate public keys during a
Diffie-Hellman key exchange, which may allow a remote attacker to obtain the
encryption key used by the device.
Description
CWE-325: Missing Required Cryptographic Step - CVE-2018-5383
Bluetooth utilizes a device pairing mechanism based on elliptic-curve
Diffie-Hellman (ECDH) key exchange to allow encrypted communication between
devices. The ECDH key pair consists of a private and a public key, and the
public keys are exchanged to produce a shared pairing key. The devices must
also agree on the elliptic curve parameters being used. Previous work on the
"Invalid Curve Attack" showed that the ECDH parameters are not always validated
before being used in computing the resulted shared key, which reduces attacker
effort to obtain the private key of the device under attack if the
implementation does not validate all of the parameters before computing the
shared key.
In some implementations, the elliptic curve parameters are not all validated by
the cryptographic algorithm implementation, which may allow a remote attacker
within wireless range to inject an invalid public key to determine the session
key with high probability. Such an attacker can then passively intercept and
decrypt all device messages, and/or forge and inject malicious messages.
Both Bluetooth low energy (LE) implementations of Secure Connections Pairing in
operating system software and BR/EDR implementations of Secure Simple Pairing
in device firmware may be affected. Bluetooth device users are encouraged to
consult with their device vendor for further information.
Since the vulnerability was identified, the Bluetooth SIG has updated the
Bluetooth specifications to require validation of any public key received as
part of public key-based security procedures, thereby providing a remedy to the
vulnerability from a specification perspective. In addition, the Bluetooth SIG
has added testing for this vulnerability within its Bluetooth Qualification
Program. The Bluetooth SIG has also released a public statement regarding the
vulnerability.
Impact
An unauthenticated, remote attacker within range may be able to utilize a
man-in-the-middle network position to determine the cryptographic keys used by
the device. The attacker can then intercept and decrypt and/or forge and inject
device messages.
Solution
Apply an update
Both software and firmware updates are expected over the coming weeks. Affected
users should check with their device vendor for availability of updates.
Further information for vendors is provided in the Vendor Status section below.
Vendor Information (Learn More)
Vendor Status Date Notified Date Updated
Apple Affected 18 Jan 2018 23 Jul 2018
Broadcom Affected 18 Jan 2018 19 Jun 2018
Intel Affected 18 Jan 2018 23 Jul 2018
QUALCOMM Incorporated Affected 18 Jan 2018 06 Feb 2018
Microsoft Not Affected 06 Feb 2018 20 Jul 2018
Android Open Source Project Unknown 18 Jan 2018 18 Jan 2018
Bluetooth SIG Unknown 06 Feb 2018 06 Feb 2018
Google Unknown 19 Mar 2018 19 Mar 2018
Linux Kernel Unknown 05 Mar 2018 05 Mar 2018
If you are a vendor and your product is affected, let us know.
CVSS Metrics (Learn More)
Group Score Vector
Base 7.3 AV:A/AC:M/Au:N/C:C/I:C/A:N
Temporal 5.7 E:POC/RL:OF/RC:C
Environmental 5.7 CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND
References
o https://www.bluetooth.com/news/unknown/2018/07/
bluetooth-sig-security-update
o http://cwe.mitre.org/data/definitions/325.html
Credit
Thanks to Lior Neumann and Eli Biham for reporting this vulnerability.
This document was written by Garret Wassermann.
Other Information
o CVE IDs: CVE-2018-5383
o Date Public: 23 Jul 2018
o Date First Published: 23 Jul 2018
o Date Last Updated: 23 Jul 2018
o Document Revision: 62
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBW1ag+maOgq3Tt24GAQhWfRAA1xSctZS91mhI9GY7vfujLtPgvHMaC3IU
2T4FGWgh0gfs7gbAIqpX0hCvDNVXuKYVv+NqBnysKDTOP/bMdXZf30+vobPbUhXf
0dVM/lICUuV1canNTrRWKi3NAQivhvXg7aifr3gBkX9XnAHxxi1XrhoHkMrMFLW7
mISQGG3ZJ9FqsuFqQ0yFCofQgP5ZPSLdLzIsQlRmBd2+HlJjmsgQumtAvUoTYWpL
g3t7g6VjR8EAacyz2j88dXBMf/xrP/I1gPqDDTuSK7iPI4Pv2SO9NlNPpx64bWtt
qfefTn2/F8KQaCBNLECeH/RS6WyIXGIsZf+tQEk3OEPQWgFJX8FdDXpD007M8di3
JAsPEQmwztca9F/mYuU+7BegF5055Lo9V5EVCvw26AEKx4aFL3HUuVeF6TADpZ4d
T2fK1uBXJ54dFrmWnuZy5lO6yQWzC1nrvrnZR82Itmtjcr9nveeVN7nPdtwMc2yj
XeHMu02rvfJIkaTxSMv7w77xoqcpI3zTySwzEs80YwDce2wZTsnqwEtNgm/uIACz
Q/nnjksEAQH94h9uWw5Ev7h7g7mVH67WrobduuyHzbUCIxDTuoym3WLcNhcZmG8l
Mwl0N6b0YFwPWU6EZxLB5wOUTOeAdMpQ1S2xWxSAZsBYwRuPfKkBHPsHEzSuJryb
AaQKWrqE2cc=
=y/Ig
-----END PGP SIGNATURE-----