Blurtooth, a BT vulnerability that allows hackers to connect to nearby devices


A recently disclosed vulnerability in the Bluetooth wireless standard could allow hackers to connect remotely to devices within a certain range and access user applications.

The vulnerability, called Blurtooth, was detailed a few days ago by the industry body Bluetooth SIG, which oversees the development of the standard. Bluetooth is found in billions of devices around the world, from smartphones to IoT ("Internet of Things") devices.

The Blurtooth vulnerability was discovered by researchers from the École Polytechnique Fédérale de Lausanne (EPFL) in Switzerland and Purdue University.

In the world of consumer technology, Bluetooth is commonly used to power short-range connections for tasks such as pairing wireless headsets with a phone.

But Bluetooth also supports longer-range data transfer at distances of up to several hundred feet, a range that hackers could exploit using Blurtooth to launch attacks.

The vulnerability exploits a weakness in the way Bluetooth verifies the security of connections.

Typically, a user must manually approve a connection request before their device is linked to another system, but Blurtooth allows this defense to be circumvented.

A hacker, or anyone with enough knowledge to exploit the vulnerability, can configure a malicious system to impersonate a Bluetooth device that the user has already approved, such as their wireless headphones, and gain access to Bluetooth-enabled applications on the user's machine.

Blurtooth attacks are based on a built-in Bluetooth security feature known as CTKD (cross-transport key derivation). Normally, this function is used to help encrypt connections. But a hacker could exploit it to obtain the authentication key of a previously approved device, which is what makes it possible to spoof legitimate endpoints and thus circumvent the need for the user to approve incoming connections.

The limited wireless range of Bluetooth reduces the threat posed by the vulnerability. The two affected technology editions, Low Energy and Basic Rate, only support connections over distances of up to approximately 300 feet. But the widespread support for those two Bluetooth editions on consumer devices means that a large number of terminals could be potentially vulnerable.

The industry body Bluetooth SIG stated that some devices using Bluetooth versions 4.0 to 5.0 are affected. The latest version, 5.2, which has not yet been widely adopted, is apparently not vulnerable, while version 5.1 has certain built-in features that device manufacturers can enable to block Blurtooth attacks.

In its security notice, the Bluetooth SIG said it is "communicating widely" details of the vulnerability with device makers to speed up the industry response. The group "encourages them to quickly integrate the necessary patches." It is not yet clear when the patches will be available or which devices will need them.

The Bluetooth SIG released the following statement on Friday:

We would like to provide some clarification on the BLURtooth vulnerability. The initial public statement of the Bluetooth SIG indicated that the vulnerability could affect devices using versions 4.0 to 5.0 of the main Bluetooth specification.

However, that has now been fixed to indicate only versions 4.2 and 5.0. Also, the BLURtooth vulnerability does not affect all devices using these versions.

To be potentially open to attack, a device must support both BR/EDR and LE simultaneously, support cross-transport key derivation, and leverage peering and derived keys in a specific way. The solution to this problem is described in the Bluetooth Basic Specification 5.1 and later, and the Bluetooth SIG has recommended members with vulnerable products to incorporate this change into older designs, when possible.

Finally, users can keep track of whether their device has received a patch for BLURtooth attacks by checking the firmware and operating system release notes for CVE-2020-15802.
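As an added example (not from the Bluetooth SIG or the original article), the following sketch triages local adapters against the conditions in the statement above: an affected specification version, BR/EDR and LE both enabled, and no mention of the CVE in the release notes. It assumes adapter details in the shape printed by BlueZ's `btmgmt info`; the sample text is constructed, the status names are hypothetical, and the controller version is only a proxy, since whether CTKD is actually used has to be confirmed with the vendor.

```python
import re

CVE_ID = "CVE-2020-15802"
# HCI version codes (Bluetooth assigned numbers) -> Core Specification version
HCI_VERSIONS = {6: "4.0", 7: "4.1", 8: "4.2", 9: "5.0", 10: "5.1", 11: "5.2"}
AFFECTED = {"4.2", "5.0"}  # versions named in the clarified SIG statement

# Constructed sample modelled on `btmgmt info` output (not captured from a real host)
SAMPLE = """\
hci0:\tPrimary controller
\taddr 00:11:22:33:44:55 version 9 manufacturer 2 class 0x000000
\tsupported settings: powered connectable bondable ssp br/edr le secure-conn
\tcurrent settings: powered bondable ssp br/edr le secure-conn
hci1:\tPrimary controller
\taddr 00:11:22:33:44:66 version 8 manufacturer 2 class 0x000000
\tsupported settings: powered connectable bondable le secure-conn
\tcurrent settings: powered bondable le
hci2:\tPrimary controller
\taddr 00:11:22:33:44:77 version 11 manufacturer 2 class 0x000000
\tsupported settings: powered connectable bondable ssp br/edr le secure-conn
\tcurrent settings: powered bondable ssp br/edr le secure-conn
"""

def parse_adapters(text):
    """Return {index: {"version": str, "settings": set}} from btmgmt-style text."""
    adapters, current = {}, None
    for line in text.splitlines():
        if m := re.match(r"(hci\d+):", line):
            current = adapters.setdefault(m.group(1), {"version": "unknown", "settings": set()})
        elif current is None:
            continue  # preamble before the first adapter block
        elif m := re.search(r"\bversion (\d+)\b", line):
            current["version"] = HCI_VERSIONS.get(int(m.group(1)), "unknown")
        elif line.strip().startswith("current settings:"):
            current["settings"] = set(line.split(":", 1)[1].split())
    return adapters

def triage(adapter, release_notes=""):
    """Apply the SIG's stated conditions; an unknown version is kept in scope."""
    if adapter["version"] not in AFFECTED | {"unknown"}:
        return "version-not-listed"
    if not {"br/edr", "le"} <= adapter["settings"]:
        return "single-transport"  # statement requires BR/EDR and LE together
    if CVE_ID.lower() in release_notes.lower():
        return "fix-listed-in-release-notes"
    return "review-with-vendor"  # CTKD usage cannot be read from this output

if __name__ == "__main__":
    for name, adapter in parse_adapters(SAMPLE).items():
        print(name, adapter["version"], triage(adapter))
```
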

