Recently, researchers disclosed yet another security flaw in Bluetooth technology. Read on to know more…
In the past, security researchers have disclosed several vulnerabilities in Bluetooth technology. In a recent discovery, a new vulnerability was identified that could allow an attacker within wireless range to gain unauthorized access to services on a Bluetooth-enabled device and to intercept its traffic.
This new Bluetooth security flaw would potentially allow an attacker to connect to a user device without authentication. The Bluetooth Special Interest Group (SIG), the body that maintains the Bluetooth standards, has confirmed the vulnerability, which was discovered separately by two teams of security researchers.
The security flaw (CVE-2020-15802), discovered independently by researchers at the École Polytechnique Fédérale de Lausanne (EPFL) and Purdue University, is being referred to as “BLURtooth”. It affects Cross-Transport Key Derivation (CTKD), the mechanism that lets a dual-mode device (one supporting both Bluetooth Classic, i.e. BR/EDR, and Bluetooth Low Energy) pair once over one transport and derive the key for the other transport instead of pairing twice. Devices implementing Bluetooth Core Specification versions 4.0 through 5.0 are affected. An attacker within wireless range who pairs with a vulnerable device on one transport, for example with an unauthenticated “Just Works” pairing over LE, can cause CTKD to overwrite the key already established on the other transport, either replacing an authenticated key outright or downgrading it to a shorter, weaker one. The attacker can then reach Bluetooth services on the target that the original, stronger key was protecting, or sit in the middle of the connection.
Past Security Threats
Several Bluetooth-based attacks have cropped up in the past.
In July 2020, a group of researchers discovered a vulnerability, dubbed the Bluetooth Reconnection Flaw, stemming from two design weaknesses in Bluetooth Low Energy (BLE), the most widely used low-energy wireless protocol. First, authentication when a previously paired device reconnects is optional rather than mandatory; second, that authentication can be bypassed when the device does not enforce it, letting a spoofed device reconnect as a trusted one.
In May 2020, academics from Germany and Italy described a new attack class called Spectra, which targets combo chips that integrate Wi-Fi and Bluetooth on a single die. It exploits flaws in the coexistence interfaces the two wireless cores share, so that an attacker who controls one core can disrupt the other (denial of service, DoS), leak information from it, or in some cases execute code on it.
In May 2020, academic researchers disclosed Bluetooth Impersonation Attacks (BIAS), which exploit flaws in Bluetooth Classic to spoof previously paired devices. An attacker can impersonate a trusted endpoint toward a device it was paired with before, without knowing the long-term key, and be accepted as that endpoint.
In February 2020, a critical vulnerability in the Bluetooth implementation of Android (CVE-2020-0022) was disclosed that could allow remote code execution (RCE) with no user interaction, as long as Bluetooth is enabled and the attacker is within range.
One should avoid sending sensitive information such as passwords over Bluetooth. Enable “discoverable” mode only for as long as it takes to pair a device. Turn off Bluetooth when it is not in use to remove the attack surface entirely. Finally, keep Bluetooth-enabled devices updated so that known, exploitable flaws are patched.
The Bluetooth SIG is recommending that potentially vulnerable Bluetooth implementations introduce the restrictions on CTKD that have been mandated since Bluetooth Core Specification version 5.1. These restrictions prevent an authenticated key, or a key of a given length, from being overwritten by an unauthenticated key or a key of reduced length, which is exactly the overwrite BLURtooth relies on.
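The CTKD overwrite described in the BLURtooth paragraph above, and the key-overwrite check the SIG recommends, as an added example written for this page (not code from the researchers, the Bluetooth SIG or any Bluetooth stack): a small Python model of a dual-mode device's key store with and without the 5.1 restriction. The derivation function stands in for the specification's h6/h7 AES-CMAC functions with HMAC-SHA256 (an assumption so the script runs with the standard library), and the peer address, key lengths and key bytes are constructed sample values.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class Key:
    transport: str        # "BR/EDR" (link key) or "LE" (long-term key)
    value: bytes          # key material; 7..16 bytes on real devices
    authenticated: bool   # True if the pairing that produced it was MITM-protected

    @property
    def length(self) -> int:
        return len(self.value)


def other_transport(transport: str) -> str:
    return "LE" if transport == "BR/EDR" else "BR/EDR"


def derive_cross_transport_key(key: Key) -> Key:
    """CTKD: derive the key for the other transport from a key negotiated on this
    one, carrying over its authentication status and length.  The specification
    uses the h6/h7 AES-CMAC functions with the labels 'brle' and 'lebr';
    HMAC-SHA256 is an assumed stand-in so this runs with the standard library."""
    target = other_transport(key.transport)
    label = b"brle" if target == "LE" else b"lebr"
    digest = hmac.new(key.value, label, hashlib.sha256).digest()
    return Key(target, digest[:key.length], key.authenticated)


class DualModeDevice:
    """Key store of a BR/EDR + LE device, indexed by (transport, peer address)."""

    def __init__(self, enforce_5_1_restriction: bool):
        self.enforce = enforce_5_1_restriction
        self.keys = {}  # (transport, peer address) -> Key

    def ctkd_overwrite_allowed(self, existing, derived: Key) -> bool:
        """The Core Specification 5.1+ rule: a derived key may not replace an
        authenticated key unless it is authenticated too, and may not replace a
        key with a shorter one.  Pre-5.1 stacks (enforce=False) skip the check."""
        if existing is None or not self.enforce:
            return True
        if existing.authenticated and not derived.authenticated:
            return False
        if derived.length < existing.length:
            return False
        return True

    def pair(self, peer: str, key: Key) -> bool:
        """Store the key from a completed pairing with `peer` on key.transport,
        then run CTKD.  Returns True if the derived key was installed for the
        other transport, False if the overwrite was refused."""
        self.keys[(key.transport, peer)] = key
        derived = derive_cross_transport_key(key)
        existing = self.keys.get((derived.transport, peer))
        if not self.ctkd_overwrite_allowed(existing, derived):
            return False
        self.keys[(derived.transport, peer)] = derived
        return True


def simulate_blur(enforce_5_1_restriction: bool) -> dict:
    """Replay the overwrite described above.  A legitimate, authenticated 16-byte
    BR/EDR link key exists for a paired peer; an attacker in range then spoofs
    that peer's address and completes an unauthenticated (Just Works) pairing
    over LE with a 7-byte key.  Address and key bytes are constructed values."""
    dev = DualModeDevice(enforce_5_1_restriction)
    peer = "AA:BB:CC:DD:EE:FF"
    legit = Key("BR/EDR", bytes(range(16)), authenticated=True)
    dev.pair(peer, legit)                  # legitimate pairing; CTKD derives the LE key
    rogue = Key("LE", b"\xaa" * 7, authenticated=False)
    installed = dev.pair(peer, rogue)      # attacker's LE pairing triggers CTKD again
    bredr_now = dev.keys[("BR/EDR", peer)]
    return {
        "ctkd_overwrote_bredr": installed,
        "bredr_key_is_legit": bredr_now == legit,
        "bredr_key_authenticated": bredr_now.authenticated,
        "bredr_key_length": bredr_now.length,
    }


if __name__ == "__main__":
    for enforce in (False, True):
        label = "5.1 restriction enforced" if enforce else "pre-5.1 CTKD"
        print(label, simulate_blur(enforce))
```

Without the restriction, the attacker's 7-byte unauthenticated LE key is turned into a 7-byte unauthenticated BR/EDR link key that silently replaces the legitimate one; with it, the derived key is refused and the original link key stays in place. Note that the restriction does not stop the attacker from completing its own LE pairing (the rogue LE key is stored in both runs); it only stops that pairing from degrading the key on the other transport, which is why the pairing-prompt and Bluetooth-off advice above still matters.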