2 Replies Latest reply on Aug 1, 2018 10:17 PM by FuDu_2380051

    Request patches for firmware/kernel/bluez for BCM4339/BCM4356/BCM4343 Bluetooth to avoid Invalid Curve Attack

    FuDu_2380051

      Issue: Bluetooth Invalid Curve attack.

      Ref:

      http://www.cs.technion.ac.il/~biham/BT/

      https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update

       

      Summary

      Bluetooth firmware or operating system software drivers may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device.

       

      Impact

      • An unauthenticated, remote attacker within range may be able to utilize a man-in-the-middle network position to determine the cryptographic keys used by the device.

      • The attacker can then intercept and decrypt and/or forge and inject device messages.

      • The attack exploits the vulnerability on both participating devices simultaneously. If any one of them is patched, the attack does not work.

      • Every Bluetooth chip manufactured by Intel, Broadcom or Qualcomm is likely affected.

      • In addition, the Android Bluetooth stack (Bluedroid) is affected when using Bluetooth Smart.

       

       

      Potential Impact

      • Potentially all products listed at the link below will be susceptible

      o https://www.nxp.com/products/wireless-connectivity/bluetooth-low-energy-ble:BLUETOOTH-LOW-ENERGY-BLE

      • Impacted vendor in the CERT CC website: Cypress/Broadcom BT modules are impacted.

       

       

       

      Since NXP i.MX6q/dl/sl/sx/ul/7d series products use Cypress/Broadcom bcm4339/bcm4356/bcm4343 modules, Bluetooth LE is now not secure. NXP requests formal patches for firmware/kernel/bluez Bluetooth to avoid the Invalid Curve Attack.
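
The missing validation described in the Summary comes down to one check: a received ECDH public key must be a point on the expected curve before it is used. The sketch below is an added example, not part of the original post and not vendor or BlueZ code; it assumes the P-256 curve used by LE Secure Connections, a 64-byte X||Y key encoding in little-endian order, and hypothetical names (`is_on_p256`, `parse_peer_public_key`, `InvalidPeerKey`).

```python
# NIST P-256 domain parameters (public constants from FIPS 186-4).
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5


class InvalidPeerKey(ValueError):
    """Raised when a peer public key must be rejected (hypothetical name)."""


def is_on_p256(x: int, y: int) -> bool:
    """True only if (x, y) is a valid affine point on P-256."""
    # Coordinates must be reduced field elements.
    if not (0 <= x < P and 0 <= y < P):
        return False
    # Curve equation: y^2 = x^3 + a*x + b (mod p).
    return (y * y - (x * x * x + A * x + B)) % P == 0


def parse_peer_public_key(raw: bytes, byteorder: str = "little"):
    """Decode X||Y and refuse to continue pairing if the point is off-curve.

    The 64-byte layout and little-endian order are assumptions of this
    example; adjust them to the transport actually in use.
    """
    if len(raw) != 64:
        raise InvalidPeerKey("public key must be 64 bytes (X||Y)")
    x = int.from_bytes(raw[:32], byteorder)
    y = int.from_bytes(raw[32:], byteorder)
    if not is_on_p256(x, y):
        # Abort the key exchange: never feed this point to the ECDH step.
        raise InvalidPeerKey("public key is not on P-256")
    return x, y


def encode(x: int, y: int) -> bytes:
    """Build a constructed sample key in the assumed wire format."""
    return x.to_bytes(32, "little") + y.to_bytes(32, "little")


# Constructed samples: the curve generator (valid) and an altered copy.
SAMPLE_VALID = encode(GX, GY)
SAMPLE_ALTERED = encode(GX, (GY + 1) % P)
```

The check has to run on every received key, before the shared secret is computed, on whichever layer (controller firmware or host stack) performs the ECDH operation.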