How does a Bluetooth vulnerability enable validation attacks?
Bluetooth devices might be at risk after a new Bluetooth vulnerability was found targeting firmware and operating system software drivers. Learn how it works and how it can be mitigated.
A recently discovered Bluetooth vulnerability enables a remote attacker to recover encryption keys generated by Bluetooth in some implementations. What is this Bluetooth vulnerability? How is it possible for attackers to recover encryption keys using it and how can it be mitigated?
A vulnerability was recently found that affects some Bluetooth implementations -- both in software drivers for OSes and in firmware.
This Bluetooth vulnerability occurs when an implementation fails to sufficiently validate the elliptic curve parameters that are used to generate public keys during the Elliptic-Curve Diffie-Hellman key exchange. This process occurs before the public keys are computed and exchanged to produce a shared pairing key for two Bluetooth devices.
The flawed implementations may be vulnerable to attackers attempting to gain access to device encryption keys.
In an improper validation scenario, an attacker within wireless range launches a man-in-the-middle attack, which lets the attacker sniff the over-the-air communication between the two vulnerable Bluetooth devices. During a pairing procedure, the attacker can inject an invalid public key to find -- and steal -- the session key.
The session key can then be used to encrypt all the messages in a communication session between the sender -- the victim -- and the recipient -- the attacker. A victim then unknowingly uses the attacker's public key to encrypt a message before sending it to the attacker. Upon receipt of the message, the attacker uses the private key to decrypt it.
The attacker is able to inject malicious messages for the victim to read. Unless the victim notices that the messages are suspicious, they will be unaware of the attack.
While previous Bluetooth specifications didn't provide adequate instructions on the proper validation of public keys, they did recommend that vendors ensure their software drivers validated any public key they received.
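The public key validation discussed above, sketched as an added example (not code from the article or from any Bluetooth stack). It assumes the NIST P-256 curve, which Bluetooth LE Secure Connections pairing uses; the function names and the 64-byte X || Y little-endian key layout are assumptions of this example.

```python
# NIST P-256 domain parameters for y^2 = x^3 + A*x + B (mod P).
P = 2**256 - 2**224 + 2**192 + 2**96 - 1
A = P - 3
B = int("5ac635d8aa3a93e7" "b3ebbd55769886bc"
        "651d06b0cc53b0f6" "3bce3c3e27d2604b", 16)
# Base point G: a known-good curve point, used below as a constructed sample key.
GX = int("6b17d1f2e12c4247" "f8bce6e563a440f2"
         "77037d812deb33a0" "f4a13945d898c296", 16)
GY = int("4fe342e2fe1a7f9b" "8ee7eb4a7c0f9e16"
         "2bce33576b315ece" "cbb6406837bf51f5", 16)


def is_valid_public_key(x, y):
    """Return True only if (x, y) is an affine point on P-256."""
    # Both coordinates must be reduced field elements.
    if not (0 <= x < P and 0 <= y < P):
        return False
    # The point must satisfy the curve equation. P-256 has cofactor 1,
    # so an on-curve affine point is automatically in the correct group.
    return (y * y - (x * x * x + A * x + B)) % P == 0


def encode_key(x, y, byteorder="little"):
    """Serialize a key as 32-byte X followed by 32-byte Y (assumed layout)."""
    return x.to_bytes(32, byteorder) + y.to_bytes(32, byteorder)


def accept_peer_key(raw, byteorder="little"):
    """Parse a received key and refuse it unless it passes validation."""
    if len(raw) != 64:
        raise ValueError("public key must be 64 bytes (X || Y)")
    x = int.from_bytes(raw[:32], byteorder)
    y = int.from_bytes(raw[32:], byteorder)
    if not is_valid_public_key(x, y):
        # Never feed an unvalidated point into the ECDH computation.
        raise ValueError("peer public key is not on the curve; abort pairing")
    return x, y


if __name__ == "__main__":
    # Constructed samples: an untouched key and one altered in transit.
    samples = {"untouched": encode_key(GX, GY),
               "altered": encode_key(GX, GY ^ 1)}
    for label, raw in samples.items():
        try:
            accept_peer_key(raw)
            print(label, "-> accepted")
        except ValueError as err:
            print(label, "-> rejected:", err)
```

The check costs a few modular multiplications and must run on every received key, before the shared secret is derived.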
To mitigate this Bluetooth vulnerability, the Bluetooth Special Interest Group updated the specifications to recommend that end users who validate public keys upgrade their Bluetooth implementations to versions that support these changes. It has also added testing for this vulnerability within its Bluetooth Testing Facility Qualification Program for testing laboratories.
While member companies have been contacted to apply the patches based on the new specifications, Bluetooth users should also install the latest updates from device and operating system manufacturers.
Ask the expert:
Want to ask Judith Myerson a question about security? Submit your question now via email. (All questions are anonymous.)