BLURtooth Vulnerability Threatens Secure Bluetooth Device Connections

A newly discovered vulnerability dubbed BLURtooth has made it into the news, the exploit literally blurs safe pairing between Bluetooth devices.

About BLURtooth Vulnerability

Reportedly, the Bluetooth Special Interest Group (SIG) and  CERT Coordination Center at the Carnegie Mellon University (CERT/CC) have published security alerts regarding a serious Bluetooth flaw.

Specifically, the vulnerability resides in the Cross-Transport Key Derivation (CTKD) component of Bluetooth standard. This component is primarily responsible for setting up encryption keys when two devices pair.

The component ideally generates two pairs of authentication keys for the two Bluetooth standards; Bluetooth Low Energy (BLE) and Basic Rate/Enhanced Data Rate (BR/EDR) standard. It then leaves it to the devices to choose the appropriate key standard.

This is where the vulnerability, CVE-2020-15802, exists. As stated by Bluetooth SIG,

The researches identified that CTKD, when implemented to older versions of the specification, may permit escalation of access between the two transports with non-authenticated encryption keys replacing authenticated keys or weaker encryption keys replacing stronger encryption keys.

Such meddling with encryption keys allows an adversary to connect vulnerable devices to the wrong devices.

Though for a successful attack, an attacker must be present within the wireless range of vulnerable Bluetooth enabled devices.

Recommended Mitigations

The vulnerability poses a threat to devices with Bluetooth Specifications 4.2 through 5.0.

However, Bluetooth Core Specification versions 5.1 and later, despite being vulnerable, bear features that can be activated to prevent such attacks. According to Bluetooth SIG, Bluetooth 5.1 already mandates certain restrictions on Cross-Transport Key Derivation (CTKD).

Thus, for now, they recommend,

The Bluetooth SIG is recommending that potentially vulnerable implementations introduce the restrictions on Cross-Transport Key Derivation mandated in Bluetooth Core Specification versions 5.1 and later.

Besides, they have also communicated with the vendors regarding necessary patches. Though, a timeline for the arrival of such patches remains unclear.

Nonetheless, they advise users to ensure keeping their devices updated with the latest patches provided by the respective manufacturers.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients