Bluetooth firmware or operating system software drivers in macOS versions prior to 10.13, High Sierra and iOS versions prior to 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote malicious user to obtain the encryption key used by the device.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
google android 8.0 |
||
google android 8.1 |
||
google android 6.0.1 |
||
google android 7.0 |
||
google android 7.1.1 |
||
google android 7.1.2 |
||
google android 6.0 |
||
apple iphone os |
||
apple mac os x |
Crypto cockup lets middle-people spy on connections after snooping on device pairing
With a bunch of security fixes released and more on the way, details have been made public of a Bluetooth bug that potentially allows miscreants to commandeer nearby devices. This Carnegie-Mellon CERT vulnerability advisory on Monday laid out the cryptographic flaw: firmware or operating system drivers skip a vital check during a Diffie-Hellman key exchange between devices. The impact: a nearby eavesdropper could “intercept and decrypt and/or forge and inject device messages” carried over Bl...