Yet Another Security Flaw Discovered in Bluetooth Technology

What's the new discovery?

• The BLURtooth vulnerability affects the component named Cross-Transport Key Derivation (CTKD) in the devices using the Bluetooth standard 4.0 through 5.0.
• Using this vulnerability, an attacker can manipulate the CTKD component of any device and then, either completely overwrite authentication keys or downgrade them to use weak encryption.
• Doing so allows access to Bluetooth-capable services on the targeted device.

Other recent threats with Bluetooth

• In July 2020, a group of researchers discovered a vulnerability, dubbed Bluetooth Reconnection Flaw, stemming from two critical design weaknesses in Bluetooth Low Energy (BLE), the most widely used low-energy communication protocol. The first issue was optional authentication during the device reconnection and the second was to avoid the authentication process.
• In May 2020, academics from Germany and Italy came across a new attack class called Spectra, which is focused on a combo of WiFi and Bluetooth chips. It exploits flaws in the interfaces between wireless cores, where one core can be used for denial of service (DoS), information disclosure, while the other one for code execution.
• In May 2020, academic researchers discovered security flaws dubbed Bluetooth Impersonation Attacks (BIAS) in Bluetooth Classic to spoof paired devices. An attacker can insert a rogue device into an established Bluetooth pairing presenting itself as a trusted endpoint.

Security tips