Another Alert Condition In Bluetooth Technology
A new attack strategy, BLURtooth is used to grant unauthorized access by overwriting the authentication keys within the wireless range.
What is really happening in this Attack?
- The BLURtooth vulnerability affects the component named Cross-Transport Key Derivation (CTKD) in the devices using the Bluetooth standard 4.0 through 5.0.
- Using this vulnerability, the attacker can control the CTKD component of any device.
- They can either completely overwrite authentication keys or downgrade them to use weak encryption.
- This allows access to Bluetooth-capable services on the targeted device.
How to be secured?
- Avoid communicating sensitive information like passwords through Bluetooth.
- The “Discoverable” mode should be enabled only when situation demands where pairing is recommended.
- Turnoff Bluetooth while not in use.
- Always update Bluetooth-enabled devices to patch any exploitable flaws.
