A vulnerability 'BLURtooth' that allows an attacker to overwrite the authentication key of a Bluetooth device is discovered


by

Aaron Yoo

Bluetooth , which is widely used as a short-range wireless communication standard for digital devices, was found to have a vulnerability called ' BLURtooth ', and the Bluetooth Special Interest Group ( which oversees the development and licensing of the Bluetooth standard ) Bluetooth SIG) reported. It is said that this vulnerability could allow an attacker to overwrite the authentication key of a Bluetooth device and gain unauthorized access to the target device.

Security Notice | Bluetooth® Technology Website
https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/blurtooth/



VU # 589825 --Devices supporting Bluetooth BR / EDR and LE using CTKD are vulnerable to key overwrite

https://www.kb.cert.org/vuls/id/589825/

New Unpatched Bluetooth Flaw Lets Hackers Easily Target Nearby Devices
https://thehackernews.com/2020/09/new-bluetooth-vulnerability.html

BLURtooth vulnerability lets attackers overwrite Bluetooth authentication keys | ZDNet
https://www.zdnet.com/article/blurtooth-vulnerability-lets-attackers-overwrite-bluetooth-authentication-keys/

A research team at the Swiss Federal Institute of Technology Lausanne and a research team at Purdue University have independently discovered a vulnerability called 'BLURtooth'. This vulnerability is related to a function called Cross-Transport Key Derivation (CTKD) implemented in Bluetooth 4.2 to Bluetooth 5.0.

There are two types of Bluetooth transfer methods: the conventional Bluetooth Basic Rate / Enhanced Data Rate (BR / EDR) and the Bluetooth Low Energy (LE), which saves significantly more power than the Bluetooth BE / EDR. CTKD is a pair for devices that support both Bluetooth BE / EDR and Bluetooth LE to set two types of authentication keys that support both standards, and once paired with one of the standards, communicate with another standard. It is a function that supports 'dual mode' that eliminates the need for a ring.

However, using the newly discovered vulnerability 'BLURtooth', unauthorized operations via CTKD become possible. This will allow an attacker to weaken the authentication key of a device equipped with Bluetooth 4.2 to Bluetooth 5.0, or to completely overwrite it with some methods.



Dual-mode capable devices that use CTKD to generate an authentication key are designed to allow the authentication key to be overwritten if the new Bluetooth transport applies a higher level of security. This means that a device impersonating another device could pair with a targeted device within Bluetooth range and use CTKD to generate a stronger authentication key, overwriting the previous authentication key. Researchers explain that there is.

The Bluetooth SIG points out that if 'BLURtooth' overwrites an existing authentication key, there is a risk of unauthorized access to authenticated services. Also, if both of the devices that were connected to it were vulnerable, a

man-in- the- middle attack could occur. In addition, since CTKD restrictions are obligatory in Bluetooth 5.1 and later versions, you will not be attacked by 'BLURtooth'.

In response to this report, the Bluetooth SIG has stated that it has notified device vendors of details and countermeasures for 'BLURtooth'. At the time of writing the article, a patch for 'BLURtooth' has not been released, but it is highly likely that the vulnerability will be fixed by updating the firmware and OS of Bluetooth compatible devices in the future.



in Mobile,   Hardware,   Security, Posted by log1h_ik