Bluetooth Security Vulnerability Discovered, but Apple's Fix is Already in Place

Discussion in 'iOS Blog Discussion' started by MacRumors, Jul 24, 2018.

  1. MacRumors macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1
    A newly discovered Bluetooth vulnerability that was published this week by Intel has the potential to allow a nearby hacker to gain unauthorized access to a device, intercepting traffic and sending forged pairing messages between two vulnerable Bluetooth devices.

    The vulnerability affects Bluetooth implementations and operating system drivers of Apple, Broadcom, Intel, and Qualcomm.

    From Intel's explanation:
    As BleepingComputer explains, Bluetooth-capable devices are not sufficiently validating encryption parameters in "secure" Bluetooth connections, leading to a weak pairing that can be exploited by an attacker to obtain data sent between two devices.

    According to the Bluetooth Special Interest Group (SIG) it's not likely many users were impacted by the vulnerability.
    Both Bluetooth and Bluetooth LE are affected. Apple has already introduced a fix for the bug on its devices (in macOS High Sierra 10.13.5/10.13.6, iOS 11.4, tvOS 11.4, and watchOS 4.3.1), so iOS and Mac users do not need to worry. Intel, Broadcom, and Qualcomm have also introduced fixes, while Microsoft says its devices are not affected.

    Article Link: Bluetooth Security Vulnerability Discovered, but Apple's Fix is Already in Place
     
  2. Fall Under Cerulean Kites macrumors 6502

    Fall Under Cerulean Kites

    Joined:
    May 12, 2016
    #2
    Bluetooth pairing is so poor as it is, how would one even recognize they were being DoS’d?
     
  3. macintoshmac macrumors 68030

    macintoshmac

    Joined:
    May 13, 2010
  4. dannyyankou macrumors 604

    dannyyankou

    Joined:
    Mar 2, 2012
    Location:
    Scarsdale, NY
    #4
    As many security snafus Apple has had the past year, they’re usually really good at fixing these before it becomes news.
     
  5. Cougarcat macrumors 604

    Joined:
    Sep 19, 2003
    #5
    Only High Sierra? Did the Sierra security update fix this?
     
  6. ArtOfWarfare macrumors G3

    ArtOfWarfare

    Joined:
    Nov 26, 2007
    #6
    I wonder if the Tesla Model 3 is vulnerable? I think not... I think the car is looking for an actual password or token to be received via bluetooth. Simply connecting isn't enough.
     
  7. fairuz, Jul 24, 2018
    Last edited: Jul 26, 2018

    fairuz macrumors 68000

    fairuz

    Joined:
    Aug 27, 2017
    Location:
    Silicon Valley
    #7
    Yo, maybe we can exploit this instead of fixing it. That way I can finally forcibly auto-pair my stuff instead of going through the painful pairing process manually!

    Jokes aside, this is yet another reason I keep Bluetooth disabled forever (the other big one being that it's a PitA). It's like Adobe Flash, a new vulnerability every few months.
    --- Post Merged, Jul 24, 2018 ---
    HS, Sierra, and El Cap are patched: https://support.apple.com/en-us/HT208937
    Edit: Not actually sure cause the Bluetooth subsection says something different.
     
  8. EdT macrumors 65816

    EdT

    Joined:
    Mar 11, 2007
    Location:
    Omaha, NE
    #8
    Looking at the list of who isn’t susceptible to this makes me wonder who is.
     
  9. fairuz macrumors 68000

    fairuz

    Joined:
    Aug 27, 2017
    Location:
    Silicon Valley
    #9
    Old Android phones maybe
     
  10. Expobill macrumors 6502a

    Joined:
    May 30, 2018
    #10
    Wow lotsa cartoon characters here!
    There is Cartman, Simon Bar Sinister and itoons!
     
  11. EdT macrumors 65816

    EdT

    Joined:
    Mar 11, 2007
    Location:
    Omaha, NE
    #11
    Simon Bar Sinister is way more good looking than I am. I’m doing everyone a favor.
     
  12. Expobill macrumors 6502a

    Joined:
    May 30, 2018
    #12
    How is sweet Polly Purebred alookin’ nowadays?
     
  13. EdT macrumors 65816

    EdT

    Joined:
    Mar 11, 2007
    Location:
    Omaha, NE
    #13
    Lots of plastic surgery and Botox. The broadcast business worships the young.
     
  14. macduke macrumors G3

    macduke

    Joined:
    Jun 27, 2007
    Location:
    Central U.S.
    #14
    Security through obscurity.
     
  15. Expobill macrumors 6502a

    Joined:
    May 30, 2018
    #15
    Maybe she can land a part in an HBO series like Diana Rigg did.
     
  16. EdT macrumors 65816

    EdT

    Joined:
    Mar 11, 2007
    Location:
    Omaha, NE
    #16
    I'd watch it, but I'm drawn to characters like that.
     
  17. fairuz macrumors 68000

    fairuz

    Joined:
    Aug 27, 2017
    Location:
    Silicon Valley
    #17
    I swear the average time spent using a Bluetooth peripheral, factoring in the setup time, is less than the average time spent connecting a cable to do something equivalent. "Pass the AUX cord..."
     
  18. noraa macrumors regular

    Joined:
    Jun 23, 2003
    #18
    Where are you reading that Microsoft products aren't affected? If you click on the first link in the article, it takes you to Intel's research notes on the vulnerability - Windows is listed as the first OS on how to fix the issue.

    The vulnerability isn't in the OS, it's in the drivers. Apple produces their own drivers (for the most part), whereas Microsoft/Windows relies on 3rd party drivers from the device manufacturer. Thus you wouldn't say Windows is vulnerable, but various Bluetooth devices and drivers are vulnerable on Windows.
     
  19. TimmeyCook Suspended

    TimmeyCook

    Joined:
    Jun 20, 2018
    #19
    Because they are, if you had read the original article carefully.

    I'm sure all Android manufacturers are going to release security fixes for this problem for all their phones released in the past 6 years.
     
  20. iapplelove macrumors 601

    iapplelove

    Joined:
    Nov 22, 2011
    Location:
    East Coast USA
    #20
    Didn’t read the link, but the front page post clearly states “Microsoft says its devices are not affected.”
     
  21. macintoshmac macrumors 68030

    macintoshmac

    Joined:
    May 13, 2010
    #21
    Exactly that - the MacRumors article says clearly that Microsoft stated its devices are not affected. I did not misread anything. :)
     
  22. noraa macrumors regular

    Joined:
    Jun 23, 2003
    #22
    Ahhh, you're right. I must’ve skipped over the last sentence.

    With that being said, I think that sentence is a bit misleading. My guess is that we’re talking about Microsoft hardware products (i.e. their Surface looks be), which may be using different Bluetooth chips or have a custom driver. Windows itself is still “vulnerable” in the sense that if the Bluetooth driver has the flaw, there isn’t anything Windows can actively do to prevent the issue - the driver would need to be updated.
     
  23. fairuz macrumors 68000

    fairuz

    Joined:
    Aug 27, 2017
    Location:
    Silicon Valley
    #23
    Says at the bottom of the MR article, Microsoft's devices aren't affected. MS's devices are just the Surface and Windows Phones. Windows isn't a device.

    Edit: D'oh, this has already been said above.
     
  24. OldSchoolMacGuy Suspended

    OldSchoolMacGuy

    Joined:
    Jul 10, 2008
    #24
    Really not that big of a deal even if you can't patch it. So someone within 30ft of you using your Bluetooth mouse would be able to get the cursor movement details or listen in on your music. Oh NO!
     
  25. m0sher macrumors 6502

    m0sher

    Joined:
    Mar 4, 2018
    #25
    I’m just impressed by the time we hear the news, it’s already been fixed. Good job. :)
     
