Return-Path: From: Andy Duan To: "rtatiya@codeaurora.org" , "luiz.von.dentz@intel.com" , "marcel@holtmann.org" , "johan.hedberg@intel.com" , Asim Zaidi CC: "linux-bluetooth@vger.kernel.org" Subject: BlueZ: How to avoid fixed Coordinate Invalid Curve Attack Date: Tue, 28 Aug 2018 09:42:22 +0000 Message-ID: Content-Type: multipart/alternative; boundary="_000_VI1PR0402MB3600BAF04C81783B3A119AB6FF0A0VI1PR0402MB3600_" MIME-Version: 1.0 List-ID: --_000_VI1PR0402MB3600BAF04C81783B3A119AB6FF0A0VI1PR0402MB3600_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hi all, Do you have patches for BlueZ to avoid Bluetooth curve attack ? As I know, Many vendors supply Android Flueride host fixes & Firmware fixes= to avoid the curve attack, but BlueZ community doesn't have the topic. Doe= s there have plan to fix the hole ? Summary Bluetooth firmware or operating system software drivers may not sufficientl= y validate elliptic curve parameters used to generate public keys during a = Diffie-Hellman key exchange, which may allow a remote attacker to obtain th= e encryption key used by the device. Impact * An unauthenticated, remote attacker within range may be able to utili= ze a man-in-the-middle network position to determine the cryptographic keys= used by the device. * The attacker can then intercept and decrypt and/or forge and inject d= evice messages. * The attack exploits the vulnerability on both participating devices s= imultaneously. If any one of them is patched, the attack does not work * Every Bluetooth chip manufactured by Intel, Broadcom or Qualcomm is l= ikely affected. NXP Potential Impact * Potentially all products listed in this link below will be susceptib= le * https://www.nxp.com/products/wireless-connectivity/bluetooth-low-e= nergy-ble:BLUETOOTH-LOW-ENERGY-BLE * All i.MX BSP Android and Linux BSP releases that support Bluetooth ch= ipsets will probably impacted and require patching * NXP has currently not been listed as an impacted vendor in the CERT C= C website Mitigation * Both software and firmware updates will be required * Looks like Android included this in their June Release for Broadcom, = Qualcomm a BT chipsets. * https://source.android.com/security/bulletin/2018-06-01 * Linux BT driver updates will also be required * Apparently Linux versions prior to 3.19 don't support Bluetooth LE= Secure Connections and are therefore not vulnerable Regards, Andy Duan --_000_VI1PR0402MB3600BAF04C81783B3A119AB6FF0A0VI1PR0402MB3600_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

Hi all,

Do you have patches for BlueZ to avoid Bluetooth= curve attack ?

As I know, Many vendors supply Android Flueride = host fixes & Firmware fixes to avoid the curve attack, but BlueZ commun= ity doesn’t have the topic. Does there have plan to fix the hole ?

 

Summary

Bluetooth firmwar= e or operating system software drivers may not sufficiently validate ellipt= ic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attack= er to obtain the encryption key used by the device.

Impact

  • An unauthenticated, remote attacker within range may b= e able to utilize a man-in-the-middle network position to determine the cry= ptographic keys used by the device.
  • The attacker can then intercept and decrypt and/or for= ge and inject device messages.
  • The attack exploits the vulnerability on both particip= ating devices simultaneously. If any one of them is patched, the attack doe= s not work
  • Every Bluetooth chip manufactured by Intel, Broadcom o= r Qualcomm is likely affected.

 NXP Potential Impact
  • NXP has currently not been li= sted as an impacted vendor in the CERT CC website

 Mitigation

  • Both software and firmware updates will be required
  • Looks like Android included this in their June Release= for Broadcom, Qualcomm a BT chipsets.
  • Linux BT driver updates will also be required
    • Apparently Linux versions prior to 3.19 don't support = Bluetooth LE Secure Connections and are therefore not vulnerable=

 

 

Regards,

Andy Duan

--_000_VI1PR0402MB3600BAF04C81783B3A119AB6FF0A0VI1PR0402MB3600_--