2 Replies Latest reply on Aug 1, 2018 10:17 PM by FuDu_2380051

    Request patches for firmware/kernel/bluez for BCM4339/BCM4356/BCM4343 Bluetooth to avoid Invalid Curve Attack


      Issue: Bluetooth Invalid Curve attack.






      Bluetooth firmware or operating system software drivers may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device.



      • An unauthenticated, remote attacker within range may be able to utilize a man-in-the-middle network position to determine the cryptographic keys used by the device.

      • The attacker can then intercept and decrypt and/or forge and inject device messages.

      • The attack exploits the vulnerability on both participating devices simultaneously. If any one of them is patched, the attack does not work.

      • Every Bluetooth chip manufactured by Intel, Broadcom or Qualcomm is likely affected.

      • In addition, the Android Bluetooth stack (Bluedroid) is affected when using Bluetooth Smart.



      Potential Impact

      • Potentially all products listed in this link below will be susceptible

      o https://www.nxp.com/products/wireless-connectivity/bluetooth-low-energy-ble:BLUETOOTH-LOW-ENERGY-BLE

      • Impacted vendor in the CERT CC website: Cypress/Broadcom BT modules are impacted.




      Since NXP i.MX6q/dl/sl/sx/ul/7d series products use Cypress/Broadcom bcm4339/bcm4356/bcm4343 modules, Bluetooth LE is now not secure. NXP requests formal patches for firmware/kernel/bluez Bluetooth to avoid the Invalid Curve Attack.
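
The validation the issue description says is missing, shown as an added example that is not part of the original post or of any vendor patch: before a received public key is used in the Diffie-Hellman computation, check that it is a point on the expected curve. It assumes the NIST P-256 curve and a 64-byte X || Y key in little-endian order; the function names and sample keys are constructed for illustration.

```python
# Added example: receiver-side ECDH public-key validation.
# Assumption: the exchange uses NIST P-256 (y^2 = x^3 + a*x + b mod p).
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
# Standard P-256 base point, used here only to build sample keys.
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5


def is_valid_public_key(x: int, y: int) -> bool:
    """Return True only if (x, y) is an affine point on P-256."""
    # Coordinates must be reduced field elements.
    if not (0 <= x < P and 0 <= y < P):
        return False
    # The curve equation must hold. P-256 has cofactor 1, so an
    # on-curve affine point is already in the correct group.
    return (y * y - (x * x * x + A * x + B)) % P == 0


def parse_public_key(raw: bytes, byteorder: str = "little"):
    """Split a 64-byte X || Y key (byte order is an assumption)."""
    if len(raw) != 64:
        raise ValueError("expected 64 bytes (X || Y)")
    x = int.from_bytes(raw[:32], byteorder)
    y = int.from_bytes(raw[32:], byteorder)
    return x, y


def accept_peer_key(raw: bytes) -> bool:
    """Gate to call before deriving any shared secret from the key."""
    x, y = parse_public_key(raw)
    return is_valid_public_key(x, y)


# Constructed samples: a well-formed key and one whose Y was altered.
GOOD_KEY = GX.to_bytes(32, "little") + GY.to_bytes(32, "little")
BAD_KEY = GX.to_bytes(32, "little") + (GY + 1).to_bytes(32, "little")

if __name__ == "__main__":
    print("good key accepted:", accept_peer_key(GOOD_KEY))
    print("altered key accepted:", accept_peer_key(BAD_KEY))
```

A receiver that rejects the pairing when `accept_peer_key` returns False never computes a shared secret from an off-curve point.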