TTCSIRT-148.072418: TT-CSIRT Advisory – Bluetooth Security Updates
CERT has released a security update stating that Bluetooth firmware or operating system software drivers may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange.
This may allow an unauthenticated, remote attacker in a man-in-the-middle network position to determine the cryptographic keys used by the device, thereby allowing the interception, decryption and injection of device messages.
Further information on this vulnerability can be found on the CERT Website at https://www.kb.cert.org/vuls/id/304725
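The check the advisory says may be missing, as an added example (not code from the advisory, CERT or any vendor): a received public key is rejected unless both coordinates are in range and satisfy the curve equation. It assumes NIST P-256 and a 64-byte little-endian X || Y encoding; all function names are hypothetical.

```python
# Added example: validate a peer's ECDH public key before deriving a shared secret.
# Assumption: NIST P-256 (y^2 = x^3 + ax + b mod p, a = -3), constants from FIPS 186-4.
P = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
A = P - 3
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
GX = 0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296
GY = 0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5


class InvalidPublicKey(ValueError):
    """Raised when a received key must not be used for key agreement."""


def decode_point(raw, byteorder="little"):
    """Split a 64-byte X || Y key (byte order is an assumption of this example)."""
    if len(raw) != 64:
        raise InvalidPublicKey("expected 64 bytes (X || Y)")
    return int.from_bytes(raw[:32], byteorder), int.from_bytes(raw[32:], byteorder)


def validate_public_key(x, y):
    """Reject any affine point that is not a valid P-256 public key."""
    # Both coordinates must be reduced field elements.
    if not (0 <= x < P and 0 <= y < P):
        raise InvalidPublicKey("coordinate out of range")
    # Both coordinates together must satisfy the curve equation.
    if (y * y - (x * x * x + A * x + B)) % P != 0:
        raise InvalidPublicKey("point is not on the curve")
    # P-256 has cofactor 1, so an on-curve affine point needs no subgroup check.


def accept_peer_key(raw):
    """Return True only if the received key may be used for Diffie-Hellman."""
    try:
        validate_public_key(*decode_point(raw))
    except InvalidPublicKey:
        return False
    return True


# Constructed sample inputs: the curve's base point, and the same X with an altered Y.
GOOD_KEY = GX.to_bytes(32, "little") + GY.to_bytes(32, "little")
OFF_CURVE_KEY = GX.to_bytes(32, "little") + (GY + 1).to_bytes(32, "little")

if __name__ == "__main__":
    print("valid key accepted:", accept_peer_key(GOOD_KEY))
    print("off-curve key accepted:", accept_peer_key(OFF_CURVE_KEY))
```

When a key is rejected, the key exchange should be aborted rather than continued with that key.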