BLURtooth in Bluetooth

Hey, guys! How are y’all doing today?

Did y’all think I made a spelling error in the blog title? If yes, I assure you it’s not. :)

It’s actually the name of a vulnerability found in Bluetooth technology. Though the name of the vulnerability sounds light and fun, the vulnerability itself is dangerous. Those who use Bluetooth frequently and those who don’t bother to turn off Bluetooth on devices after using it, y’all need to be extra careful after this. 

Now that I’ve given you a sneak peek of what’s to come, let’s take a closer look at BLURtooth. 

What is BLURtooth?

BLURtooth is a vulnerability in a component of the Bluetooth standard named Cross-Transport Key Derivation (CTKD). 

The purpose of CTKD is to negotiate and set up the authentication keys when pairing two Bluetooth-capable devices. It works by setting up two different sets of authentication keys, one for the Bluetooth Low Energy (BLE) transport and one for the Basic Rate/Enhanced Data Rate (BR/EDR) transport. CTKD prepares both sets of keys so that the paired devices can decide which version of the Bluetooth standard they want to use. Its primary use is the Bluetooth "dual-mode" feature.

According to the Bluetooth Special Interest Group (SIG), the BLURtooth attack was discovered independently by two groups of academics from the École Polytechnique Fédérale de Lausanne (EPFL) and Purdue University.

Why is BLURtooth dangerous?

Because it allows an attacker to manipulate the CTKD component to overwrite other Bluetooth authentication keys on a device. An attacker who is connecting via Bluetooth can use this manipulation to gain access to other Bluetooth-capable services and apps on the same device. 

In some versions of the BLURtooth attack, the authentication keys can be overwritten completely, while in others, authentication keys can be downgraded to use weak encryption.

All devices using the Bluetooth standard 4.0 through 5.0 are vulnerable to this attack. Fortunately, the Bluetooth 5.1 standard comes with features that can be activated to prevent BLURtooth attacks.
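To make the "overwrite" and "downgrade" part concrete, here is a small Python model I've added for this blog. It is not code from the original post, from the Bluetooth SIG or from any real Bluetooth stack. A dual-mode device keeps one key per transport (BLE and BR/EDR); a weak "Just Works" pairing on one transport produces an unauthenticated key, and CTKD then derives the other transport's key from it, which is where a previously trusted key could be replaced. The `restrict_ctkd` flag models the stricter 5.1-style behaviour as I understand it (an assumption about the exact rule): a key may never be replaced by one that is less authenticated or shorter. The HMAC-based derivation is a stand-in, not the specification's conversion function.

```python
"""Model of the CTKD key-overwrite problem and a 5.1-style overwrite restriction."""
import hashlib
import hmac
from dataclasses import dataclass
from enum import Enum, IntEnum, auto
from typing import Dict, Optional


class Transport(Enum):
    BLE = auto()     # Bluetooth Low Energy
    BR_EDR = auto()  # Basic Rate / Enhanced Data Rate (classic Bluetooth)


class AuthLevel(IntEnum):
    # Ordered so that a smaller value means a weaker key.
    UNAUTHENTICATED = 0  # e.g. "Just Works" pairing: no protection against a man in the middle
    AUTHENTICATED = 1    # e.g. numeric comparison / passkey: man-in-the-middle protected


@dataclass(frozen=True)
class LinkKey:
    transport: Transport
    key: bytes
    auth: AuthLevel
    key_size: int  # negotiated key length in bytes


class KeyStore:
    """Per-peer key storage of a dual-mode device: at most one key per transport."""

    def __init__(self, restrict_ctkd: bool) -> None:
        # restrict_ctkd=False models a pre-5.1 stack that lets any new key replace an old one.
        # restrict_ctkd=True models the stricter rule (assumption about the 5.1 behaviour):
        # never replace a key with a less authenticated or shorter one.
        self.restrict_ctkd = restrict_ctkd
        self._keys: Dict[Transport, LinkKey] = {}

    def get(self, transport: Transport) -> Optional[LinkKey]:
        return self._keys.get(transport)

    def install(self, new: LinkKey) -> bool:
        """Store `new`; return False if the policy refused the overwrite."""
        existing = self._keys.get(new.transport)
        if existing is not None and self.restrict_ctkd:
            downgrade = new.auth < existing.auth or new.key_size < existing.key_size
            if downgrade:
                return False
        self._keys[new.transport] = new
        return True


def derive_cross_transport_key(src: LinkKey, target: Transport) -> LinkKey:
    """Derive the other transport's key from `src`, carrying over its security properties.

    Stand-in for the specification's conversion functions (assumption: plain HMAC-SHA256
    keyed with the source key and a transport label). The point is that the derived key
    inherits the authentication level and key size of the key it came from.
    """
    label = b"ctkd-" + target.name.encode()
    raw = hmac.new(src.key, label, hashlib.sha256).digest()
    return LinkKey(target, raw[: src.key_size], src.auth, src.key_size)


def simulate(restrict_ctkd: bool) -> dict:
    """Run the overwrite scenario against one policy and report what happened."""
    store = KeyStore(restrict_ctkd)

    # Constructed starting state: an authenticated 16-byte BR/EDR key with a trusted peer.
    trusted = LinkKey(Transport.BR_EDR, bytes(range(16)), AuthLevel.AUTHENTICATED, 16)
    assert store.install(trusted)

    # A later BLE pairing completes with "Just Works" and yields an unauthenticated key.
    # There is no BLE key yet, so both policies accept it.
    weak_ble = LinkKey(Transport.BLE, b"\x42" * 16, AuthLevel.UNAUTHENTICATED, 16)
    assert store.install(weak_ble)

    # CTKD now derives a BR/EDR key from the weak BLE key and tries to install it.
    derived = derive_cross_transport_key(weak_ble, Transport.BR_EDR)
    overwritten = store.install(derived)

    current = store.get(Transport.BR_EDR)
    return {
        "overwritten": overwritten,
        "br_edr_auth": current.auth,
        "trusted_key_intact": current.key == trusted.key,
    }


if __name__ == "__main__":
    for policy in (False, True):
        print(f"restrict_ctkd={policy}: {simulate(policy)}")
```

Run it and you get two lines: with `restrict_ctkd=False` the authenticated BR/EDR key is silently replaced by an unauthenticated one, with `restrict_ctkd=True` the overwrite is refused and the trusted key stays put. The same check also blocks the "downgrade" flavour of the attack, because a shorter key is treated like a less authenticated one.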

According to Bluetooth SIG officials, they have already started notifying vendors of Bluetooth devices about the BLURtooth attacks and how to mitigate them by using the 5.1 standard.

Patch me up!

Unfortunately, at the time of writing this blog, there are no patches immediately available for this vulnerability. 

For now, the only ways to protect against BLURtooth attacks are: 

  • Control the environment in which Bluetooth devices are paired - to prevent man-in-the-middle attacks
  • Be vigilant and avoid pairings with rogue devices carried out via social engineering (tricking the human operator)

This patchless period won’t last forever, though. When it ends, patches will most likely be delivered as firmware or operating system updates for Bluetooth-capable devices. 

The timeline for these updates to materialise is unclear, as device vendors and OS makers usually work on different timelines, and some may not prioritise security patches as highly as others. The number of vulnerable devices is also unclear and hard to quantify at the moment. 

However, users can find out whether their device has received a patch for the BLURtooth attacks by checking firmware and OS release notes for CVE-2020-15802, the bug identifier assigned to the BLURtooth vulnerability.

That’s it for the blog today, y’all! Feel free to drop comments and share this blog if you found it informational.

Stay safe and stay tuned. 

Until next time, friends!

Credits: ZDNet