Updated: BLURtooth Vulnerability Allows Attackers Overwrite Bluetooth Encryption

This was highlighted by two separate research studies by Bluetooth Special Interest Group (SIG) and the CERT Coordination Center at the Carnegie Mellon University (CERT/CC).

In fact, BLURtooth is a vulnerable component in the Bluetooth standard called Cross-Transport Key Derivation (CTKD).

An attacker can use this vulnerability on devices supporting Bluetooth Classic and Low Energy (LE) data transport methods.

The main use of CTKD is to let the connecting Bluetooth devices select what version of the standard they want to use.

For instance, either Bluetooth Low Energy (BLE) or Basic Rate/Enhanced Data Rate (BR/EDR) standard.

Good thing is that the devices running Bluetooth 5.1 come with features that will guard them against these BLURtooth attacks.

Powered by Blogger.