Experts from CERT and the Bluetooth Special Interest Group (SIG) have released information about a new problem that endangers all devices using Bluetooth versions 4.0 through 5.0. Bluetooth 5.1 includes features that, when enabled, prevent the attack, and the Bluetooth SIG is already advising device manufacturers on how they can mitigate the vulnerability on 5.1 devices.
The vulnerability was discovered by researchers from the Federal Polytechnic School of Lausanne and Purdue University and was named BLURtooth (CVE-2020-15802). The problem lies in the Cross-Transport Key Derivation (CTKD) standard that Bluetooth devices use.
When devices are paired, CTKD is used to negotiate and set up the authentication keys between them. Bluetooth Low Energy (BLE) and Basic Rate / Enhanced Data Rate (BR/EDR) use two different sets of keys, so the role of CTKD is essentially to prepare the keys and let the devices determine which version of the Bluetooth standard they will use.
Experts warn that, using BLURtooth, an attacker can manipulate CTKD and overwrite the authentication keys on a device, which ultimately gives an attacker connecting over Bluetooth access to other Bluetooth services and applications on that device.
In some cases the authentication keys can be completely overwritten with BLURtooth; in other cases the keys can be downgraded and the encryption weakened.
Unfortunately, patches for this problem are not yet available, and the only way to protect against BLURtooth is to control the environment in which devices are paired, so as to prevent man-in-the-middle attacks and pairing with malicious devices.
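As an added defensive example (not code from the article or from the researchers), the following Python audit walks BlueZ-style pairing records and flags the state a key downgrade or cross-transport overwrite leaves behind: an unauthenticated BR/EDR link key, an unauthenticated or shortened LE long-term key, and a peer whose two transports are paired at different authentication levels. It assumes the layout of the per-device `info` file that BlueZ keeps, and the mapping of link-key `Type` values, as noted in the comments; the sample records are constructed.

```python
import configparser

# Link-key Type values BlueZ records for authenticated (MITM-protected) BR/EDR
# pairings: authenticated P-192 and P-256 combination keys (assumed mapping).
AUTH_LINK_KEY_TYPES = {5, 8}
FULL_ENC_SIZE = 16  # bytes; an LE key shorter than this was negotiated down

def audit_pairing(peer: str, info_text: str) -> list[str]:
    """Return findings for one BlueZ-style pairing record (constructed input)."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.optionxform = str  # keep BlueZ's case-sensitive option names
    cfg.read_string(info_text)
    findings, br_auth, le_auth = [], None, None  # None = transport not paired
    if cfg.has_section("LinkKey"):
        ktype = cfg.getint("LinkKey", "Type", fallback=-1)
        br_auth = ktype in AUTH_LINK_KEY_TYPES
        if not br_auth:
            findings.append(f"{peer}: BR/EDR link key is unauthenticated (Type={ktype})")
    if cfg.has_section("LongTermKey"):
        le_auth = cfg.getint("LongTermKey", "Authenticated", fallback=0) == 1
        enc = cfg.getint("LongTermKey", "EncSize", fallback=0)
        if not le_auth:
            findings.append(f"{peer}: LE long-term key is unauthenticated")
        if enc < FULL_ENC_SIZE:
            findings.append(f"{peer}: LE key size reduced to {enc} bytes")
    # Both transports paired at different security levels: the weaker key may be
    # the one CTKD derived, so the peer should be re-paired under controlled conditions.
    if br_auth is not None and le_auth is not None and br_auth != le_auth:
        findings.append(f"{peer}: authentication level differs between BR/EDR and LE")
    return findings

# Constructed sample records in BlueZ info-file layout; zeroed keys, not real ones.
PEER_OK = """[LinkKey]
Key=00000000000000000000000000000000
Type=5
[LongTermKey]
Key=00000000000000000000000000000000
Authenticated=1
EncSize=16
"""
PEER_DOWNGRADED = """[LinkKey]
Key=00000000000000000000000000000000
Type=5
[LongTermKey]
Key=00000000000000000000000000000000
Authenticated=0
EncSize=7
"""
```

On a live Linux host the same function can be fed the contents of each `/var/lib/bluetooth/<adapter>/<peer>/info` file, and any peer with findings should be unpaired and re-paired somewhere an attacker cannot take part in the exchange.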
The exact timing of the fixes has not yet been announced. Most likely, such patches will eventually be integrated into firmware or OS updates for Bluetooth-enabled devices.