Bluetooth Security Vulnerability Discovered, but Apple's Fix is Already in Place

Upcoming

November 27

Apple retailers offering big discounts on iPhones, Macs, iPads and more for Black Friday.

Early 2021?

The AirPods Studio are Apple's rumored high-end over-ear headphones that are rumored to launch in early 2021 for $349. AirPods Studio will feature Active Noise Cancellation, swappable ear cups, and more.

iMac

Early 2021?

iPad Pro-like design? New screen sizes?

AirTags

Early 2021?

Apple is working on a Tile-like Bluetooth tracking device that's designed to be attached to items like keys and wallets for tracking purposes, letting you find them right in the Find My app.

• Apple Glasses

• iPhone 13

• Foldable iPhone

See full product calendar

A newly discovered Bluetooth vulnerability that was published this week by Intel has the potential to allow a nearby hacker to gain unauthorized access to a device, intercepting traffic and sending forged pairing messages between two vulnerable Bluetooth devices.

The vulnerability affects Bluetooth implementations and operating system drivers of Apple, Broadcom, Intel, and Qualcomm.

From Intel's explanation:

A vulnerability in Bluetooth(R) pairing potentially allows an attacker with physical proximity (within 30 meters) to gain unauthorized access via an adjacent network, intercept traffic and send forged pairing messages between two vulnerable Bluetooth(R) devices. This may result in information disclosure, elevation of privilege and/or denial of service.

As BleepingComputer explains, Bluetooth-capable devices are not sufficiently validating encryption parameters in "secure" Bluetooth connections, leading to a weak pairing that can be exploited by an attacker to obtain data sent between two devices.

According to the Bluetooth Special Interest Group (SIG) it's not likely many users were impacted by the vulnerability.

For an attack to be successful, an attacking device would need to be within wireless range of two vulnerable Bluetooth devices that were going through a pairing procedure. The attacking device would need to intercept the public key exchange by blocking each transmission, sending an acknowledgment to the sending device, and then injecting the malicious packet to the receiving device within a narrow time window. If only one device had the vulnerability, the attack would not be successful.

Both Bluetooth and Bluetooth LE are affected. Apple has already introduced a fix for the bug on its devices (in macOS High Sierra 10.13.5/10.13.6, iOS 11.4, tvOS 11.4, and watchOS 4.3.1), so iOS and Mac users do not need to worry. Intel, Broadcom, and Qualcomm have also introduced fixes, while Microsoft says its devices are not affected.

Tag: Bluetooth

Top Rated Comments

Fall Under Cerulean Kites

31 months ago

This may result in information disclosure, elevation of privilege and/or denial of service.

Bluetooth pairing is so poor as it is, how would one even recognize they were being DoS’d?

Score: 10 Votes (Like | Disagree)

macintoshmac

Why are Microsoft devices not affected? :oops:

Score: 4 Votes (Like | Disagree)

macduke

Security through obscurity.

Cougarcat

Only High Sierra? Did the Sierra security update fix this?

Score: 3 Votes (Like | Disagree)

m0sher

I’m just impressed by the time we hear the news, it’s already been fixed. Good job. :)

fairuz

Yo, maybe we can exploit this instead of fixing it. That way I can finally forcibly auto-pair my stuff instead of going through the painful pairing process manually!

Jokes aside, this is yet another reason I keep Bluetooth disabled forever (the other big one being that it's a PitA). It's like Adobe Flash, a new vulnerability every few months.
[doublepost=1532463234][/doublepost]

HS, Sierra, and El Cap are patched: https://support.apple.com/en-us/HT208937
Edit: Not actually sure cause the Bluetooth subsection says something different.

Score: 2 Votes (Like | Disagree)

Read All Comments