Two teams of security researchers have discovered a new vulnerability in Bluetooth technology that has been confirmed by The Bluetooth Special Interest Group (SIG), the bloc responsible for Bluetooth interests. The flaw could potentially allow a hacker to take complete control of a user’s Bluetooth enabled device without authorization.
Bluetooth is a short-range, low powered, high-speed open wireless technology that uses the Internet of Things (IoT) for transmitting fixed and mobile electronic device data. Bluetooth replaces the cables that people conventionally used to connect devices, with an added purpose of keeping the communications secure. However, with convenience and productivity, Bluetooth also presents major security threats.
Devices using the Bluetooth standard 4.0 through 5.0 are vulnerable to a flaw called ‘BLURtooth’ in Cross-Transport Key Derivation (CTKD) - it allows an attacker to manipulate the CTKD component and overwrite authentication keys on the victim’s device. The Bluetooth 5.1 standard released by the Bluetooth SIG in January 2019 contains features that provide security against BLURtooth attacks.
Earlier this year, in May, academics from Italy and Germany identified yet another new type of attack ‘Spectra’, it was reported to break the separation between Wi-Fi and Bluetooth running on the same device. While relying upon the fact that transmissions happen in the same spectrum, the attack works against "combo chips".
In a blog post published on their website, the company told that for CTKD attack to be successful “an attacking device would need to be within wireless range of a vulnerable Bluetooth device supporting both BR/EDR and LE transports that supports CTKD between the transports and permits pairing on either the BR/EDR or LE transport either with no authentication (e.g. JustWorks) or no user-controlled access restrictions on the availability of pairing. If a device spoofing another device’s identity becomes paired or bonded on a transport and CTKD is used to derive a key which then overwrites a pre-existing key of greater strength or that was created using authentication, then access to authenticated services may occur. This may permit a Man In The Middle (MITM) attack between devices previously bonded using authenticated pairing when those peer devices are both vulnerable.”
“The Bluetooth SIG is also broadly communicating details on this vulnerability and its remedies to our member companies and is encouraging them to rapidly integrate any necessary patches. As always, Bluetooth users should ensure they have installed the latest recommended updates from device and operating system manufacturers,” the blog further read.