Intel published the details of a new Bluetooth security vulnerability this week that could allow a nearby bad guy to gain unauthorized access to a device, intercept traffic, and send forged pairing messages between two vulnerable Bluetooth-enabled objects.
A vulnerability in Bluetooth(R) pairing potentially allows an attacker with physical proximity (within 30 meters) to gain unauthorized access via an adjacent network, intercept traffic and send forged pairing messages between two vulnerable Bluetooth(R) devices. This may result in information disclosure, elevation of privilege and/or denial of service.
The vulnerability affects Bluetooth implementations and operating system drivers used by Apple, Broadcom, Intel, and Qualcomm. Luckily, Apple has already patched the vulnerability in its operating systems.
The Bluetooth Special Interest Group (SIG) says it’s not likely that many users were actually impacted, as both devices would need to have the vulnerability.
For an attack to be successful, an attacking device would need to be within wireless range of two vulnerable Bluetooth devices that were going through a pairing procedure. The attacking device would need to intercept the public key exchange by blocking each transmission, sending an acknowledgment to the sending device, and then injecting the malicious packet to the receiving device within a narrow time window. If only one device had the vulnerability, the attack would not be successful.
Apple included a fix for the vulnerability in macOS High Sierra 10.13.5/10.13.6, iOS 11.4, tvOS 11.4, and watchOS 4.3.1, so users of those devices can breathe easily.