Bluetooth? Pairing Vulnerability (INTEL-SA-00128)

Documentation

Product Information & Documentation

000029560

07/23/2018

Security researchers have disclosed a new vulnerability during the Bluetooth® pairing process to the CERT Coordination Center and Bluetooth® supplier industry.
Certain Intel products that support Bluetooth® are among those affected by this industry vulnerability.

  • During the Bluetooth® pairing process, an attacker with physical proximity (usually within 30 meters) can gain unauthorized access via an adjacent network, and intercept traffic and send forged pairing messages between two vulnerable Bluetooth devices.
  • This may result in information disclosure, elevation of privilege and/or denial of service. (E.g. a Bluetooth headset may have its audio compromised, or a Bluetooth keyboard may have its keystrokes recorded and/or altered).

Products Affected:

  • Intel® Dual Band Wireless-AC
  • Intel® Tri-Band Wireless-AC
  • Intel® Wireless-AC family of products

Intel recommends that customers deploy available updates as soon as possible. Check with your system manufacturer to see if they have an updated Bluetooth driver available.

Alternatively:
For Microsoft® Windows™ 7, 8.1, and 10, you can use the Intel® Driver and Support Assistant to identify and update your driver (v20.60 and later) directly from Intel:

For Google Chrome OS:

  • Intel® Bluetooth FW binary with an update resolving the vulnerability has been upstreamed to Chromium
  • A Chrome OS update is also required. For any Google Chrome OS solution and schedule, please contact Google directly

For Linux OS see Github

For further details you can view Security Advisory SA-00128 via the Intel® Security Center
If you need additional assistance please contact Intel Customer Support