The attacks that exploit the vulnerability are termed as BLUR attacks by security researchers.
Bluetooth has been a widely used technology in various devices and as technology advances the use of Bluetooth is becoming more profound. Just like every protocol, it is important to remember that it can be vulnerable as well.
Keeping the vulnerabilities in mind, recently researchers have discovered that the Cross-Transport Key Derivation (CTKD) which can be found in both versions 4.2 and 5.0 of Bluetooth’s core specifications is vulnerable to a Man in the Middle Attack (MITM).
The vulnerability targets the fact that CTKD is used for the authentication that occurs when multiple devices connect to each other. It does so by allowing the user to choose 1 out of 2 standards, namely Low Energy (BLE) and Basic Rate/Enhanced Data Rate (BR/EDR) for the authentication to occur.
BLE is mostly used in IoT devices and wearable tech, while BR/EDR is a digital mobile phone technology that allows improved data transmission rates. Mostly, the technology is used in apps like wireless headphones and speakers, etc.
Their are various methods by which the vulnerability can be patched. One of these is that no overwriting of keys is allowed by default in the vulnerable versions mentioned above and ” restrictions on CTKD” be also placed.
NPAV recommends users to always monitor their bluetooth devices and keep a proper password protection over the pairing mechanism. Bluetooth can be exploited by hackers to launch various cyber attacks on your devices.
Install NPAV to keep your devices protected from all kinds of cyber attacks. Use NPAV and join us on a mission to secure the cyber world.