Bluetooth Vulnerability

security

(Geko) #1

FYI,

Vulnerability Note VU#304725

Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange
An unauthenticated, remote attacker within range may be able to utilize a man-in-the-middle network position to determine the cryptographic keys used by the device. The attacker can then intercept and decrypt and/or forge and inject device messages.
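
The validation the note says may be missing, as an added example that is not part of the original post or of any Bluetooth stack: before using a peer's ECDH public key, confirm that the point lies on the expected curve. It assumes NIST P-256 and a hypothetical 64-byte big-endian X||Y encoding; the function names are illustrative.

```python
# Added example: on-curve validation of a peer ECDH public key.
# Assumptions: NIST P-256, and a hypothetical 64-byte big-endian X||Y encoding.

# NIST P-256 domain parameters: y^2 = x^3 + A*x + B over GF(P)
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
# Base point, used here only as a known-good sample public key
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5


def is_valid_public_key(x: int, y: int) -> bool:
    """Return True only if (x, y) is an affine point on P-256."""
    # Both coordinates must be reduced field elements.
    if not (0 <= x < P and 0 <= y < P):
        return False
    # Check the curve equation using BOTH coordinates. The point at
    # infinity has no affine encoding, and P-256 has cofactor 1, so any
    # point that passes is in the correct group.
    return (y * y - (x * x * x + A * x + B)) % P == 0


def parse_peer_key(raw: bytes) -> tuple[int, int]:
    """Decode X||Y and refuse to continue the key exchange if invalid."""
    if len(raw) != 64:
        raise ValueError("public key must be 64 bytes")
    x = int.from_bytes(raw[:32], "big")
    y = int.from_bytes(raw[32:], "big")
    if not is_valid_public_key(x, y):
        raise ValueError("peer public key is not on the curve")
    return x, y


def demo() -> list[bool]:
    """Constructed samples: one genuine point, two with a modified Y."""
    good = GX.to_bytes(32, "big") + GY.to_bytes(32, "big")
    modified_y = GX.to_bytes(32, "big") + ((GY + 1) % P).to_bytes(32, "big")
    zero_y = GX.to_bytes(32, "big") + bytes(32)
    results = []
    for sample in (good, modified_y, zero_y):
        try:
            parse_peer_key(sample)
            results.append(True)
        except ValueError:
            results.append(False)
    return results
```

A receiver that checks only the length or only one coordinate would accept the two modified samples; the check has to run on every key received, before the shared secret is computed.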