TTCSIRT-148.072418: TT-CSIRT Advisory – Bluetooth Security Updates
CERT has released a security update stating that Bluetooth firmware or operating system software drivers may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange.
This may allow an unauthenticated, remote attacker in a man-in-the-middle network position to determine the cryptographic keys used by the device, thereby allowing the interception, decryption and injection of device messages.
Further information on this vulnerability can be found on the CERT website at https://www.kb.cert.org/vuls/id/304725