Serious Bluetooth Flaw Leaves Many Devices Open To Attack; Apple Has Already Patched It
A security flaw has been acknowledged by the Bluetooth official body, known as Bluetooth SIG. The issue is so serious that the Bluetooth specification has been altered following its discovery.
According to a report, the flaw could make it easier for an attacker to pair with a Bluetooth device by brute-forcing the pairing process.
In order for a Bluetooth connection to be established, both devices must agree. One device initiates the connection and the second acknowledges it following the exchange of keys. That allows the devices to confirm each other's identity, and encryption keys are then generated to secure the connection.
This newly announced flaw allows an attacker to interfere with the process that negotiates the encryption key, forcing the devices to use a shorter key. A shorter key can then be recovered by brute force, giving access to the connection. Bluetooth SIG explains the details in a new security notice:
The researchers identified that it is possible for an attacking device to interfere with the procedure used to set up encryption on a BR/EDR connection between two devices in such a way as to reduce the length of the encryption key used.
In addition, since not all Bluetooth specifications mandate a minimum encryption key length, it is possible that some vendors may have developed Bluetooth products where the length of the encryption key used on a BR/EDR connection could be set by an attacking device down to a single octet.
In addition, the researchers identified that, even in cases where a Bluetooth specification did mandate a minimum key length, Bluetooth products exist in the field that may not currently perform the required step to verify the negotiated encryption key meets the minimum length. In such cases where an attacking device was successful in setting the encryption key to a shorter length, the attacking device could then initiate a brute force attack and have a higher probability of successfully cracking the key and then be able to monitor or manipulate traffic.
As a result of the security issue, companies are being asked to update their devices to ensure encryption keys of at least seven octets are used. Apple has already updated its devices, with others set to follow suit.
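As an added illustration (not code from the article or from the Bluetooth SIG notice), the following Python model shows the negotiation described above: each side proposes a maximum key size, the link uses the smaller of the two, and a device that enforces the seven-octet minimum refuses a result below it, while an unpatched device accepts whatever was negotiated. The single-value message is a simplification of the real LMP exchange, and the names MIN_KEY_OCTETS and negotiate_key_size are chosen here.

```python
from dataclasses import dataclass

MIN_KEY_OCTETS = 7   # floor the SIG notice asks vendors to enforce
MAX_KEY_OCTETS = 16  # largest BR/EDR encryption key size


@dataclass
class NegotiationResult:
    agreed_octets: int   # key size the link would end up using
    keyspace_bits: int   # 8 bits per octet of key
    accepted: bool       # whether encryption setup should proceed
    reason: str


def negotiate_key_size(local_max: int, peer_max: int,
                       enforce_minimum: bool = True) -> NegotiationResult:
    """Simplified model of BR/EDR key-size negotiation.

    Each side proposes the largest key size it supports and the link uses
    the smaller value. A patched device checks that value against
    MIN_KEY_OCTETS before enabling encryption; with enforce_minimum=False
    the device behaves like the unpatched products the notice describes.
    """
    for value in (local_max, peer_max):
        if not 1 <= value <= MAX_KEY_OCTETS:
            raise ValueError(f"key size {value} outside 1..{MAX_KEY_OCTETS} octets")
    agreed = min(local_max, peer_max)
    bits = 8 * agreed
    if enforce_minimum and agreed < MIN_KEY_OCTETS:
        return NegotiationResult(
            agreed, bits, False,
            f"{agreed} octets is below the {MIN_KEY_OCTETS}-octet minimum; "
            "refuse to enable encryption on this link")
    return NegotiationResult(agreed, bits, True, "key size meets the minimum")


if __name__ == "__main__":
    # Honest negotiation: both sides support the full 16 octets.
    print(negotiate_key_size(16, 16))
    # Peer value lowered to one octet: an unpatched device accepts an 8-bit key space.
    print(negotiate_key_size(16, 1, enforce_minimum=False))
    # The same exchange on a device that performs the required minimum check.
    print(negotiate_key_size(16, 1))
```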