Hi all,
Do you have patches for BlueZ to avoid Bluetooth curve attack ?
As I know, Many vendors supply Android Flueride host fixes & Firmware fixes to avoid the curve attack, but BlueZ community doesn't have the topic. Does there have plan to fix the hole ?
Summary
Bluetooth firmware or operating system software drivers may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device.
Impact
* An unauthenticated, remote attacker within range may be able to utilize a man-in-the-middle network position to determine the cryptographic keys used by the device.
* The attacker can then intercept and decrypt and/or forge and inject device messages.
* The attack exploits the vulnerability on both participating devices simultaneously. If any one of them is patched, the attack does not work
* Every Bluetooth chip manufactured by Intel, Broadcom or Qualcomm is likely affected.
NXP Potential Impact
* Potentially all products listed in this link below will be susceptible
* https://www.nxp.com/products/wireless-connectivity/bluetooth-low-energy-ble:BLUETOOTH-LOW-ENERGY-BLE<https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.nxp.com%2Fproducts%2Fwireless-connectivity%2Fbluetooth-low-energy-ble%3ABLUETOOTH-LOW-ENERGY-BLE&data=02%7C01%7Cfugang.duan%40nxp.com%7C7e9ffc5ca0a74d3c79a808d5f7572b4d%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7C636686876125441293&sdata=iqe9ggsKa%2FQzioW3Wy6KYro%2FQw8zMAVR%2F6MmjgDsAGU%3D&reserved=0>
* All i.MX BSP Android and Linux BSP releases that support Bluetooth chipsets will probably impacted and require patching
* NXP has currently not been listed as an impacted vendor in the CERT CC website<https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.kb.cert.org%2Fvuls%2Fid%2F304725&data=02%7C01%7Cfugang.duan%40nxp.com%7C7e9ffc5ca0a74d3c79a808d5f7572b4d%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7C636686876125451302&sdata=4JCI27G1t3tf8qd5W01s5d8Oxh4UOD8DXFASfslRiaI%3D&reserved=0>
Mitigation
* Both software and firmware updates will be required
* Looks like Android included this in their June Release for Broadcom, Qualcomm a BT chipsets.
* https://source.android.com/security/bulletin/2018-06-01<https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsource.android.com%2Fsecurity%2Fbulletin%2F2018-06-01&data=02%7C01%7Cfugang.duan%40nxp.com%7C7e9ffc5ca0a74d3c79a808d5f7572b4d%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7C636686876125461314&sdata=ga8hK0rQvzVmttAWh1EgJay04BrivKezVqLvZgjwfR8%3D&reserved=0>
* Linux BT driver updates will also be required
* Apparently Linux versions prior to 3.19 don't support Bluetooth LE Secure Connections and are therefore not vulnerable
Regards,
Andy Duan
RnJvbTogTWFyY2VsIEhvbHRtYW5uIDxtYXJjZWxAaG9sdG1hbm4ub3JnPiAgU2VudDogMjAxOMTq
ONTCMjnI1SAyOjM2DQo+IEhpIEFzaW0sDQo+IA0KPiA+IElzIHRoaXMgdGhlIHBhdGNoIHlvdSBh
cmUgcmVmZXJyaW5nIHRvPw0KPiA+DQo+ID4NCj4gaHR0cHM6Ly9lbWVhMDEuc2FmZWxpbmtzLnBy
b3RlY3Rpb24ub3V0bG9vay5jb20vP3VybD1odHRwcyUzQSUyRiUyRnANCj4gYXQNCj4gPg0KPiBj
aHdvcmsua2VybmVsLm9yZyUyRnBhdGNoJTJGOTk3NjIzMyUyRiZhbXA7ZGF0YT0wMiU3QzAxJTdD
ZnVnDQo+IGFuZy5kdWFuJQ0KPiA+DQo+IDQwbnhwLmNvbSU3Q2VjZjQxMTlkNjAxMjQ4YzI0OWI5
MDhkNjBkMTUxMzhmJTdDNjg2ZWExZDNiYzINCj4gYjRjNmZhOTJjZDk5DQo+ID4NCj4gYzVjMzAx
NjM1JTdDMCU3QzAlN0M2MzY3MTA3ODE1MDc5NzAzMjAmYW1wO3NkYXRhPVAlMkZxVXlFDQo+IFJL
WG9meWlDTEUlMkYNCj4gPiBUcU04Z2pjVDhUNktJcE9OaWRVNkE5MXRjTSUzRCZhbXA7cmVzZXJ2
ZWQ9MA0KPiANCj4gbm8gaXQgaXMgbm90LiBUaGUgcGF0Y2ggeW91IGFyZSBsb29raW5nIGZvciBp
cyB0aGlzOg0KPiANCj4gY29tbWl0IGVhMTY5YTMwYTZiZjY3ODJhMDVhNTFkMmI5Y2Y3M2RiMTUx
ZWFiOGINCj4gQXV0aG9yOiBTdGVwaGFuIE11ZWxsZXIgPHNtdWVsbGVyQGNocm9ub3guZGU+DQo+
IERhdGU6ICAgTW9uIEp1biAyNSAxMjowMDoxOCAyMDE4ICswMjAwDQo+IA0KPiAgICAgY3J5cHRv
OiBlY2RoIC0gYWRkIHB1YmxpYyBrZXkgdmVyaWZpY2F0aW9uIHRlc3QNCj4gDQo+IEl0IGZvbGxv
d3MgY2xvc2VseSB0aGUgTklTVCByZWNvbW1lbmRhdGlvbiBmb3IgcHVibGljIGtleSByZW1tb21l
bg0KPiBSZWdhcmRzDQo+IA0KPiBNYXJjZWwNCg0KSGkgTWFjZWwsDQoNClRoYW5rcyBmb3IgeW91
ciBpbmZvcm1hdGlvbiAhDQoNCkZvciB2NC4xNC92NC45IHN0YWJsZSB0cmVlLCAgd2h5IGRvZXMg
dGhlIHBhdGNoIG5vdCBhcHBseSBpbiB2NC4xNCwgIGRvIHlvdSBoYXZlIHBsYW4gdG8gZG8gYmFj
a3BvcnRpbmcgdG8gdjQuMTQgc3RhYmxlIHRyZWWjvyANCkkgcGxhbiBjaGVycnkgcGljayBjcnlw
dG8vZWNjLmMgc29tZSBwYXRjaCBhbmQgdGhlIHBhdGNoICJjcnlwdG86IGVjZGggLSBhZGQgcHVi
bGljIGtleSB2ZXJpZmljYXRpb24gdGVzdCAiIHRvIHY0LjkgYW5kIHY0LjE0IE5YUCBJTVgga2Vy
bmVsIHRyZWUuDQoNCkFuZHkgRHVhbg0K
Hi Asim,
> Is this the patch you are referring to?
>
> https://patchwork.kernel.org/patch/9976233/
no it is not. The patch you are looking for is this:
commit ea169a30a6bf6782a05a51d2b9cf73db151eab8b
Author: Stephan Mueller <[email protected]>
Date: Mon Jun 25 12:00:18 2018 +0200
crypto: ecdh - add public key verification test
It follows closely the NIST recommendation for public key remmomen
Regards
Marcel
Hi Marcel,
Is this the patch you are referring to?
https://patchwork.kernel.org/patch/9976233/
If not can you kindly point us to the patch that has been accepted in the mainline to address this vulnerability.
Kind Regards
Asim
NXP PSIRT
-----Original Message-----
From: Marcel Holtmann <[email protected]>
Sent: Tuesday, August 28, 2018 4:56 AM
To: Andy Duan <[email protected]>
Cc: [email protected]; Luiz Augusto von Dentz <[email protected]>; Johan Hedberg <[email protected]>; Asim Zaidi <[email protected]>; [email protected]
Subject: Re: BlueZ: How to avoid fixed Coordinate Invalid Curve Attack
Hi Andy,
> Do you have patches for BlueZ to avoid Bluetooth curve attack ?
>
> As I know, Many vendors supply Android Flueride host fixes & Firmware fixes to avoid the curve attack, but BlueZ community doesn’t have the topic. Does there have plan to fix the hole ?
the Linux kernel crypto subsystem and its ECDH support has a patch to ensure that the public key is validated before calculating the shared secret.
Regards
Marcel
Hi Andy,
> Do you have patches for BlueZ to avoid Bluetooth curve attack ?
>
> As I know, Many vendors supply Android Flueride host fixes & Firmware fixes to avoid the curve attack, but BlueZ community doesn’t have the topic. Does there have plan to fix the hole ?
the Linux kernel crypto subsystem and its ECDH support has a patch to ensure that the public key is validated before calculating the shared secret.
Regards
Marcel