Crypto bug in bluetooth ans OS drivers

A newly identified vulnerability starts hovering over the cyberworld posing no less threat to umpteen numbers of Bluetooth and OS drivers. Popularly known as cryptographic bug, the vulnerability allows a hacker to get crucial data exchanged between two smart devices with the help of Bluetooth connection . The experts who claimed to have discovered the bug in question said it affects the Bluetooth operation system of many hardware vendors. But basically it targets Intel, Apple, Broadcom and Qualcomm. A cryptographc bug affects the pairing devices since there is hardly any encryption mechanism in the Bluetooth connections. Named as CVE-2018-5383, the bug was spotted by a small group of experts who are attached to the Israel Institute of Technology and Lior Neumann. A stunnedCERT/CC has already released a slew of security advisories narrating the vulnerability. According to these researchers, Bluetooth keeps running a mechanism of elliptic-curve Diffie-Hellman (ECDH) and it allows an encrypted communication between the two devices. ECDH, in pairs have both private and public side of key where the public key is meant to produce a shared pairing key. The cyber experts say these devices in operation do run on the elliptic curve in parameters. On the other hand, Intel, Qualcomm, Apple and Broadcom have categorically admitted the adverse impact on the Bluetooth and OS drivers forcing them to put in place the fixes in the face of the bug. The Bluetooth Special Interest Group (SIG), that monitors development of Bluetooth, had come out with a statement on the bug while others have not been able to ascertain it. The devices should be within a wireless range of the two bug in the Bluetooth devices which must seize the public key exchange and for this the transmission needs to be blocked. Both sending and receiving devices should keep exchanging signals of the activities in the process in all stages.

A successful attack entails vulnerability in both the devices. According to the cybersecurity experts, they are hardly in the know of any attack where vulnerability is at work.

Leave a Reply