Bluetooth Security Vulnerability Fixed by Updating Core Specifications, Apple Issues Patch

Bluetooth menu iPhone

Bluetooth SIG has deemed a recently found flaw a serious threat to security and has promptly fixed the same. As part of the solution, the Bluetooth specifications have been changed.

The Bluetooth vulnerability allowed attackers to break into the encryption setup and reset the encryption key to something that is much shorter. The attackers could potentially bring down the level of encryption by reducing it to a single character. Once this is done, the attacker will try out all the combinations and use brute force for pairing with the device.

For an attack to be successful, an attacking device would need to be within wireless range of two vulnerable Bluetooth devices that were establishing a BR/EDR connection. If one of the devices did not have the vulnerability, then the attack would not be successful. The attacking device would need to intercept, manipulate, and retransmit key length negotiation messages between the two devices while also blocking transmissions from both, all within a narrow time window.

If the attacking device was successful in shortening the encryption key length used, it would then need to execute a brute force attack to crack the encryption key.  In addition, the attacking device would need to repeat the attack each time encryption gets enabled since the encryption key size negotiation takes place each time.”

Bluetooth SIG has updated the core specification and now recommends a minimum encryption key length of 7 octets for BR/EDR connections. The new specification will be tested via the Bluetooth Qualification Program. Furthermore, the SIG also recommends developers to update the existing solutions and switch it to a minimum encryption key length of 7 octets for BR/EDR connections. Apple has implemented the changes on all of its devices. In other words, the Bluetooth vulnerability is patched on Apple Devices.

[via Bluetooth]