
Bluetooth SIG Security Update - okket
https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update
======
okket
See also "Breaking the Bluetooth Pairing: Fixed Coordinate Invalid Curve
Attack"

[https://www.cs.technion.ac.il/~biham/BT/](https://www.cs.technion.ac.il/~biham/BT/)

~~~
PappaPatat
Thanks, has a much better link with more information.

------
IshKebab
I still haven't ever found an answer to these claims that BLE 4.2's "Secure
Connections" passkey (PIN) mode is totally insecure, and that the flaw was
discovered in 2008 (yes, a long time before BLE 4.2 existed).

[https://pomcor.com/2015/06/03/has-bluetooth-become-
secure/](https://pomcor.com/2015/06/03/has-bluetooth-become-secure/)

------
PappaPatat
[...]the Bluetooth SIG is not aware of any devices implementing the attack
having been developed, including by the researchers who identified the
vulnerability.

Well that is odd. Did the researchers really convince the Bluetooth SIG just
by pointing the issue(s) out on paper?

------
bsder
Is this specific to P-256? I thought Curve25519, for example, didn't have this
problem because it didn't have any invalid points.

~~~
MrXOR
No,

"A curve designer cannot protect against this attack by choosing better
curves"

[https://safecurves.cr.yp.to/twist.html](https://safecurves.cr.yp.to/twist.html)

~~~
bsder
Thanks for the reference.

------
baybal2
A yet another flimsy DH implementation I guess?

~~~
MrXOR
Yes, flimsy DH implementation+ invalid curve attack

"Bluetooth implementations may not sufficiently validate elliptic curve
parameters during Diffie-Hellman key exchange"

[https://www.kb.cert.org/vuls/id/304725](https://www.kb.cert.org/vuls/id/304725)

