Certain configurations of Bluetooth 4.2 to 5.0 on dual-mode devices contain a flaw that could allow hackers to conduct 'man in the middle' (MITM) attacks or overwrite encryption keys.
Known as BLURtooth, the vulnerability assigned CVE-2020-15802 can be found on devices supporting both Bluetooth Basic Rate/Enhanced Data Rate (BR/EDR) transportation methods as well as Low Energy (LE) connections.
Although an alert, published by Carnegie Melon University, doesn't specify which particular devices are affected, a number of widely-available dual-mode devices fall into the bracket, including the Dynabook Portégé X30L-G business notebook, the Nokia 5.3 smartphone, and the Sonos Move wireless speaker system.
The flaw lies in the pairing mechanism in these dual-band Bluetooth devices, with the vulnerability allowing third-parties to overwrite the key used to establish a link between two devices. The vulnerability, and the group of viable attacks, categorised as BLUR, was first discovered by academics with École Polytechnique Fédérale de Lausanne (EPFL) and Purdue University.
“The researches identified that CTKD, when implemented to older versions of the specification, may permit escalation of access between the two transports with non-authenticated encryption keys replacing authenticated keys or weaker encryption keys replacing stronger encryption keys,” according to the Bluetooth Special Interest Group (SIG).
BLURtooth mainly affects devices that use the Cross-Transport Key Derivation (CRKD) mechanism for Bluetooth pairing. The fault may allow an attacker to reduce the strength of the encryption key, or overwrite an authenticated key with an unauthenticated key in order to gain access to profiles or services.
To conduct successful attacks, a hacker must be within wireless range of a vulnerable Bluetooth device that supports CTKD connections and supports pairing either with no authentication or no access restrictions on pairing.
An attacker spoofing another device’s identity may bond with the vulnerable device and derive a key through the CTKD mechanism that overwrites a pre-existing encryption key of much greater strength. In doing so, the attacker can access authenticated services, or conduct a MITM attack in future between devices that were previously bonded.
BLURtooth is the latest serious Bluetooth vulnerability to be recognised by the Bluetooth SIG in recent months after the organisation was forced to update the core specification following the discovery of BIAS in May 2020.
Also centred on devices using BR/EDR, the Bluetooth Impersonation Attacks (BIAS) flaw allowed attackers to break security mechanisms and impersonate one device in a pair after a bond has been established.
RELATED RESOURCE
The State of Email Security 2020
Email security insights at your email perimeter, inside your organisation, and beyond
BIAS can also work in conjunction with other attacks, such as the Key Negotiation of Bluetooth (KNOB) attack, which allowed hackers to brute force watered-down encryption keys and intercept data transmitted between devices.
Bluetooth SIG has recommended that potentially vulnerable devices should be updated with the restrictions placed on CTKD, as mandated by the Bluetooth Core Specification version 5.1 and beyond.
The details of the vulnerability are also being relayed to members of the organisation, which includes hundreds of device manufacturers, with these members encouraged to rapidly integrate any patches as and when they become available.
-
"I LOVE this company!" Looking back on 50 years of tech giant MicrosoftOpinion There have been highs, lows, laughs and lots of success in the past 5 decades for the Redmond-headquartered firm
-
Verizon Call Filter API flaw could’ve exposed millions of Americans’ call recordsNews A security flaw in Verizon's Call Filter app could’ve allowed threat actors to access details of incoming calls for another user, a security researcher has found.
-
Broadcom issues urgent alert over three VMware zero-daysNews The firm says it has information to suggest all three are being exploited in the wild
-
Nakivo backup flaw still present on some systems months after firms’ ‘silent patch’, researchers claimNews Over 200 vulnerable Nakivo backup instances have been identified months after the firm silently patched a security flaw.
-
Everything you need to know about the Microsoft Power Pages vulnerabilityNews A severe Microsoft Power Pages vulnerability has been fixed after cyber criminals were found to have been exploiting unpatched systems in the wild.
-
Billions of IoT devices will need to be secured in the next four years – zero trust could be the key to successNews Researchers have warned more than 28 billion IoT devices will need to be secured by 2028 as attacks on connected devices surge.
-
Cisco claims new smart switches provide next-level perimeter defenseNews Cisco’s ‘security everywhere’ mantra has just taken on new meaning with the launch of a series of smart network switches.
-
Five Eyes cyber agencies issue guidance on edge device vulnerabilitiesNews Cybersecurity agencies including the NCSC and CISA have issued fresh guidance on edge device security.
-
Vulnerability management complexity is leaving enterprises at serious riskNews Fragmented data and siloed processes mean remediation is taking too long
-
A critical Ivanti flaw is being exploited in the wild – here’s what you need to knowNews Cyber criminals are actively exploiting a critical RCE flaw affecting Ivanti Connect Secure appliances
