Bluetooth 4.2 and 5.0 devices supporting dual mode are vulnerable to key overwriting, say researchers at the École Polytechnique Fédérale de Lausanne (EPFL) and Purdue University in independent research.
Devices from the iPad Pro to the iPhone 11 run these vulnerable Bluetooth versions.
Cross-Transport Key Derivation (CTKD), which is responsible for authenticating keys when two devices are paired, is found to be vulnerable; exploiting it can enable attacks such as man-in-the-middle (MITM).
Bluetooth Basic Rate/Enhanced Data Rate (BR/EDR) and Bluetooth Low Energy (BLE) devices use CTKD so that, once paired over one transport, they need not pair again over the other. The new research shows that devices using CTKD are vulnerable to key overwrite: the authenticated Long Term Key (LTK) or Link Key (LK) established during pairing can be overwritten by unauthenticated keys, and as a result unauthorized access to the vulnerable device can be established. Services exposed over Bluetooth with little or no protection of their own also become vulnerable.
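To make the overwrite concrete, here is an added example (not code from the research or any Bluetooth stack) that models a peer's LK/LTK store. It is a constructed simplification: `ctkd_derive` is a hash-based stand-in for the real derivation, and the hardened policy refuses to replace an authenticated key with an unauthenticated one, which the vulnerable behaviour described above does not.

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, Optional

@dataclass
class TransportKey:
    value: bytes
    authenticated: bool  # True when pairing included MITM protection

# Transport names used as keys in the store; each maps to its counterpart.
OTHER = {"BR/EDR": "LE", "LE": "BR/EDR"}

def ctkd_derive(key: TransportKey) -> TransportKey:
    """Constructed stand-in for CTKD: derive the other transport's key from the
    freshly negotiated one. The derived key inherits the source's (un)authenticated status."""
    derived = hashlib.sha256(b"ctkd-model|" + key.value).digest()[:16]
    return TransportKey(derived, key.authenticated)

def pair_vulnerable(store: Dict[str, TransportKey], transport: str, new_key: TransportKey) -> None:
    """Overwrite behaviour the article describes: the new key and its CTKD-derived
    counterpart replace whatever is stored, even an authenticated LK or LTK."""
    store[transport] = new_key
    store[OTHER[transport]] = ctkd_derive(new_key)

def _is_downgrade(existing: Optional[TransportKey], candidate: TransportKey) -> bool:
    # An unauthenticated key must never displace an authenticated one.
    return existing is not None and existing.authenticated and not candidate.authenticated

def pair_hardened(store: Dict[str, TransportKey], transport: str, new_key: TransportKey) -> Dict[str, bool]:
    """Defensive policy: keep any authenticated key rather than let CTKD downgrade it.
    Returns, per transport, whether the stored key was actually replaced."""
    candidates = {transport: new_key, OTHER[transport]: ctkd_derive(new_key)}
    replaced = {}
    for t, cand in candidates.items():
        if _is_downgrade(store.get(t), cand):
            replaced[t] = False  # a real stack would also log this rejected overwrite
        else:
            store[t] = cand
            replaced[t] = True
    return replaced

def demo() -> Dict[str, bool]:
    """Both devices already hold authenticated keys; an unauthenticated LE pairing arrives."""
    store = {"BR/EDR": TransportKey(b"A" * 16, True), "LE": TransportKey(b"B" * 16, True)}
    rogue = TransportKey(b"R" * 16, False)  # constructed unauthenticated key
    return pair_hardened(store, "LE", rogue)

if __name__ == "__main__":
    print(demo())  # both transports keep their authenticated keys
```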
This attack, termed “BLURtooth,” is possible when the vulnerable device is within wireless range of the attacking device and allows pairing without user access-control restrictions.
In theory, attacks of this kind can lead to data theft and other malicious activity, and it is unclear whether device-level security features can mitigate the risks.
The Bluetooth Special Interest Group (SIG), the standards organization that oversees the development and licensing of Bluetooth standards, has released an advisory to manufacturers to patch the issue in Bluetooth 5.1. The SIG is also working on the issue with several partner companies that develop, maintain, and deploy Bluetooth devices.
With IoT devices, Bluetooth technology is used in almost everything around us. Highly sensitive data is transferred over Bluetooth, which makes the newly found vulnerability all the more dangerous, since most devices run these vulnerable protocols.
Tips to enhance Bluetooth security as a user
- Ensure that Bluetooth is disabled when not in use.
- Double-check pairing requests when using Bluetooth in public places.
- Deploy all updates and patches concerning Bluetooth regularly.
- Do not accept any transmission from unknown devices.
- If a Bluetooth device is stolen, unpair it from every device it was ever paired with.