Security News > 2018 > July > Bluetooth vulnerability allows snooping of traffic between paired devices

Bluetooth vulnerability allows snooping of traffic between paired devices
2018-07-24 18:48

Researchers Eli Biham and Lior Neumann have discovered a vulnerability in two Bluetooth features that could be exploited by attackers to gain a man-in-the-middle position and to monitor and fiddle with the traffic between two devices connected via that wireless technology. “Both Bluetooth low energy (LE) implementations of Secure Connections Pairing in operating system software and BR/EDR implementations of Secure Simple Pairing in device firmware may be affected,” the Carnegie-Mellon CERT notes. The vulnerability (CVE-2018-5383) … More → The post Bluetooth vulnerability allows snooping of traffic between paired devices appeared first on Help Net Security.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/eC94X2X1kvs/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2018-08-07 CVE-2018-5383 Improper Verification of Cryptographic Signature vulnerability in multiple products
Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device.
high complexity
google apple CWE-347
6.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Bluetooth 4 0 9 7 0 16