The Bluetooth flaw also opens the door to a man-in-the-middle attack.
IT security researchers at the Israel Institute of Technology (Technion) have discovered a critical security vulnerability in some implementations of the Bluetooth standard: the cryptographic key-exchange procedure used during pairing does not validate all of the parameters it receives, in particular the elliptic-curve public key sent by the other device.
If the vulnerability is exploited, it can allow a remote attacker within radio range of the vulnerable devices to inject an arbitrary public key during the pairing process, which makes it highly likely that the attacker can determine the resulting link key.
If exploited successfully, this vulnerability could allow attackers to intercept and decrypt all messages exchanged between the devices, or to inject malicious data into the communication. Furthermore, the vulnerability also opens the door to a man-in-the-middle attack that would let attackers monitor or manipulate traffic.
According to the researchers, the vulnerability exists in the firmware of several devices from different manufacturers and affects both the low energy (LE) and the basic rate/enhanced data rate (BR/EDR) Bluetooth implementations.
Following the discovery of this vulnerability, the Bluetooth Special Interest Group (SIG) has updated the Bluetooth specification to require that any public key received as part of the public-key-based security procedures be validated (that is, checked to be a valid point on the agreed elliptic curve) before it is used. This fixes the vulnerability at the level of the protocol definition; individual implementations still have to adopt the updated behaviour.
“The attacking device would need to intercept the public key exchange by blocking each transmission, sending an acknowledgment to the sending device, and then injecting the malicious packet to the receiving device within a narrow time window. If only one device had the vulnerability, the attack would not be successful,” said the Bluetooth SIG.
Among the vulnerable implementations are those of manufacturers such as Apple, Broadcom, Intel, and Qualcomm. As surprising as it sounds, the vulnerability does not affect Microsoft Windows. As for other systems, including Android and Linux, there is currently no precise information on whether they are affected.
This is the second time since 2017 that researchers have found a vulnerability affecting Bluetooth. In September 2017, researchers disclosed the BlueBorne vulnerabilities, which affected millions of smartphones, Internet of Things (IoT) devices and personal computers.