It is Bluetooth SIG itself, an international organisation that brings together numerous technology companies to support this widespread standard, to bring to the attention of users the fact that researchers of the École Polytechnique Fédérale de Lausanne (EPFL) and Pur

This security breach is called BluRtooth and can allow man-in-the-middle attacks due to overwriting of the key.

The researches, has emphasized Bluetooth SIG, in fact have identified that the CTKD implemented in previous versions of the specification can allow the escalation of the access between the two transports with unauthenticated encryption keys that replace authenticated keys or key

For this attack to succeed, an attacker should be within the wireless reach of a vulnerable Bluetooth device that supports both BR/EDR and LE transport systems that support CTKD between transports, and allows for pairing

If a device that falsifies the identity of another device is combined or connected to a transport and CTKD is used to derive a key that then overwrites a pre-existing key of greater strength, or that has been created using authentication, access to the

This can, precisely, allow a man-in-the-middle (MITM) attack between previously matched devices, by means of an authenticated pairing when these peer devices are both vulnerable, but also other types of attack.

Bluetooth SIG recommended to manufacturers that potentially vulnerable implementations introduce restrictions on Cross-Transport Key Derivatives mandatory in versions 5.1 and later of the Bluetooth Core specification.

In addition, Bluetooth SIG is also working on communicating on a large scale details of this vulnerability and its remedies to associated companies, encouraging them to quickly integrate all necessary patches.

For end users, Bluetooth SIG recommends, as always, to make sure that you have installed the latest updates recommended by device manufacturers and operating systems.

Leave a Reply

Your email address will not be published.

You May Also Like