Home Hacking News BLURtooth Vulnerability Threatens Secure Bluetooth Device Connections
Hacking NewsLatest Cyber Security News | Network Security HackingNewsVulnerabilities

BLURtooth Vulnerability Threatens Secure Bluetooth Device Connections

by Abeerah Hashim
written by Abeerah Hashim
BLURtooth Vulnerability

A newly discovered vulnerability dubbed BLURtooth has made it into the news, the exploit literally blurs safe pairing between Bluetooth devices.

About BLURtooth Vulnerability

Reportedly, the Bluetooth Special Interest Group (SIG) and  CERT Coordination Center at the Carnegie Mellon University (CERT/CC) have published security alerts regarding a serious Bluetooth flaw.

Specifically, the vulnerability resides in the Cross-Transport Key Derivation (CTKD) component of Bluetooth standard. This component is primarily responsible for setting up encryption keys when two devices pair.

The component ideally generates two pairs of authentication keys for the two Bluetooth standards; Bluetooth Low Energy (BLE) and Basic Rate/Enhanced Data Rate (BR/EDR) standard. It then leaves it to the devices to choose the appropriate key standard.

This is where the vulnerability, CVE-2020-15802, exists. As stated by Bluetooth SIG,

The researches identified that CTKD, when implemented to older versions of the specification, may permit escalation of access between the two transports with non-authenticated encryption keys replacing authenticated keys or weaker encryption keys replacing stronger encryption keys.

Such meddling with encryption keys allows an adversary to connect vulnerable devices to the wrong devices.

Though for a successful attack, an attacker must be present within the wireless range of vulnerable Bluetooth enabled devices.

Recommended Mitigations

The vulnerability poses a threat to devices with Bluetooth Specifications 4.2 through 5.0.

However, Bluetooth Core Specification versions 5.1 and later, despite being vulnerable, bear features that can be activated to prevent such attacks. According to Bluetooth SIG, Bluetooth 5.1 already mandates certain restrictions on Cross-Transport Key Derivation (CTKD).

Thus, for now, they recommend,

The Bluetooth SIG is recommending that potentially vulnerable implementations introduce the restrictions on Cross-Transport Key Derivation mandated in Bluetooth Core Specification versions 5.1 and later.

Besides, they have also communicated with the vendors regarding necessary patches. Though, a timeline for the arrival of such patches remains unclear.

Nonetheless, they advise users to ensure keeping their devices updated with the latest patches provided by the respective manufacturers.

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

You may also like

Multiple Vulnerabilities Found In Forminator WordPress Plugin

Palo Alto Networks Patched A Pan-OS Vulnerability Under...

Apple Removed Numerous Apps From China App Store

Xiid SealedTunnel: Unfazed by Yet Another Critical Firewall...

Personal Data Exposed in Massive Global Hack: Understanding...

Guardz Welcomes SentinelOne as Strategic Partner and Investor...

Invision Community Vulnerabilities Risk E-Commerce Websites

Microsoft April Patch Tuesday Fixes Dozens of RCE...

Match Systems publishes report on the consequences of...

Cypago Announces New Automation Support for AI Security...