BLURtooth Attack – A Bluetooth Vulnerability To Overwrite Authentication Key

BlurTooth Vulnerability

According to the report, all devices using Bluetooth versions 4.0 through 5.0 are vulnerable.

What is BLURtooth Vulnerability?

The vulnerability lies in a pairing feature named Cross-Transport Key Derivation (CTKD).

Devices supporting both Bluetooth BR/EDR and LE using Cross-Transport Key Derivation (CTKD) for pairing are vulnerable to key overwrite, which enables an attacker to gain additional access to profiles or services that are not restricted by reducing the encryption key strength or overwriting an authenticated key with an unauthenticated key, according to CERT.

Bluetooth CTKD can be used for pairing by devices that support both the Low Energy (BLE) and Basic Rate/Enhanced Data Rate (BR/EDR) transports, known as “dual-mode” devices. CTKD pairing allows the devices to pair once over either transport while generating both the BR/EDR Link Key and the LE Long Term Key (LTK), without needing to pair a second time. Dual-mode devices using CTKD to generate an LTK or Link Key (LK) are able to overwrite the original LTK or LK, even in cases where that transport was enforcing a higher level of security.

What is the Impact of the BLURtooth Vulnerability?

Exploiting CVE-2020-15802 enables several attacks, including a Man in the Middle (MITM) attack between previously bonded devices. The vulnerability is being referred to as BLURtooth and the group of attacks as the BLUR attacks. To be susceptible, a vulnerable device must permit a pairing or bonding to proceed transparently with no authentication, or with a weak key strength, on at least one of the BR/EDR or LE transports.

What is the Solution?

The Bluetooth SIG recommends that potentially vulnerable implementations introduce the restrictions on Cross-Transport Key Derivation mandated in Bluetooth Core Specification versions 5.1 and later.
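The following is an added example, not code from the original post or from any Bluetooth stack. It models the key overwrite described above and the 5.1+ restriction: a dual-mode device holds an authenticated 16-byte BR/EDR Link Key, then an LE pairing with no authentication and a reduced key size uses CTKD to derive a Link Key. The derivation function is a labelled stand-in (not the specification's h6/h7 AES-CMAC); the property that matters is that the derived key inherits the source pairing's security level. The unrestricted store overwrites the stronger key; the restricted store refuses the downgrade.

```python
"""Dual-mode key store: pre-5.1 CTKD overwrite beside the 5.1+ restriction (added example)."""
from dataclasses import dataclass
import hashlib


@dataclass(frozen=True)
class Key:
    value: bytes          # the LTK (LE) or Link Key (BR/EDR)
    authenticated: bool   # True if the pairing had MITM protection (passkey / numeric comparison)
    size: int             # negotiated encryption key size in bytes (7..16)


def derive_cross_transport(key: Key) -> Key:
    """Stand-in for the spec's cross-transport KDF (assumption: SHA-256, not the real h6/h7).

    The derived key carries over the source pairing's authentication level and key size."""
    digest = hashlib.sha256(b"ctkd|" + key.value).digest()
    return Key(digest[:key.size], key.authenticated, key.size)


def store_unrestricted(db: dict, transport: str, derived: Key) -> bool:
    """Pre-5.1 behaviour: the derived key always replaces whatever exists (vulnerable)."""
    db[transport] = derived
    return True


def store_restricted(db: dict, transport: str, derived: Key) -> bool:
    """5.1+ rule: a derived key must never downgrade the key already stored for that transport."""
    existing = db.get(transport)
    if existing is not None:
        if existing.authenticated and not derived.authenticated:
            return False  # would replace an authenticated key with an unauthenticated one
        if derived.size < existing.size:
            return False  # would reduce the encryption key strength
    db[transport] = derived
    return True


def blur_scenario(store) -> dict:
    """Constructed scenario: strong BR/EDR bond, then an unauthenticated LE pairing using CTKD."""
    db = {"BR/EDR": Key(b"\x11" * 16, authenticated=True, size=16)}
    le_key = Key(b"\x22" * 7, authenticated=False, size=7)  # Just Works style, minimum key size
    db["LE"] = le_key
    store(db, "BR/EDR", derive_cross_transport(le_key))  # CTKD: LE pairing also yields a Link Key
    return db


if __name__ == "__main__":
    for store in (store_unrestricted, store_restricted):
        lk = blur_scenario(store)["BR/EDR"]
        print(f"{store.__name__}: BR/EDR key authenticated={lk.authenticated} size={lk.size}")
```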

The Bluetooth SIG notes that the researchers also identified that CTKD may permit a remote paired device to access some LE services if BR/EDR access is achieved, or BR/EDR profiles if LE access is achieved. As this is the intended use of CTKD, these cross-transport procedures are not considered vulnerabilities by the SIG.

The Bluetooth SIG is also broadly communicating details of this vulnerability and its remedies to its member companies and is encouraging them to rapidly integrate any necessary patches. As always, Bluetooth users should ensure they have installed the latest recommended updates from device and operating system manufacturers.
