In recent times, security experts have reported many security threats that have plagued Bluetooth technology. In one recent discovery, a completely new vulnerability was found that could enable an attacker to take complete control of a Bluetooth device.
This new attack method, dubbed BLURtooth, can overwrite authentication keys to grant unauthorized access.
A component named Cross-Transport Key Derivation (CTKD), which is present in devices using Bluetooth standard 4.0 through 5.0, is affected by this vulnerability. An attacker can use the vulnerability to manipulate the CTKD component of a device, either completely overwriting authentication keys or downgrading them to use weaker encryption. This allows attackers to access Bluetooth-capable services on targeted devices.
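The overwrite and downgrade described above can be modelled as a guard on a device's bonding key store: a key offered through CTKD must not replace an existing key that is stronger. This is an added example, not code from the original post or from any Bluetooth stack; `BondStore`, `BondKey`, their attributes and the peer address are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class BondKey:
    transport: str       # "BR/EDR" or "LE"
    key_size: int        # effective key length in bytes
    authenticated: bool  # True if the pairing that produced it was authenticated
    via_ctkd: bool       # True if derived from the other transport's key

class BondStore:
    """Hypothetical per-peer key store; not a real Bluetooth stack API."""

    def __init__(self, guard_ctkd=True):
        self.guard_ctkd = guard_ctkd
        self.keys = {}       # (peer, transport) -> BondKey
        self.rejected = []   # refused replacements, kept for logging/alerting

    @staticmethod
    def weaker(new, old):
        # Downgrade = loses authentication or shortens the key.
        return (old.authenticated and not new.authenticated) or new.key_size < old.key_size

    def store(self, peer, key):
        old = self.keys.get((peer, key.transport))
        if self.guard_ctkd and old and key.via_ctkd and self.weaker(key, old):
            self.rejected.append((peer, key))
            return False     # keep the existing, stronger key
        self.keys[(peer, key.transport)] = key
        return True

def simulate(guard_ctkd, offered):
    """Bond with a strong key, then let CTKD offer `offered` for the same peer."""
    peer = "AA:BB:CC:DD:EE:FF"  # constructed sample address
    store = BondStore(guard_ctkd)
    store.store(peer, BondKey("BR/EDR", 16, True, False))
    accepted = store.store(peer, offered)
    return accepted, store.keys[(peer, "BR/EDR")], len(store.rejected)

UNAUTH = BondKey("BR/EDR", 16, False, True)   # drops authentication
SHORT = BondKey("BR/EDR", 7, True, True)      # shortens the key

if __name__ == "__main__":
    for name, offered in (("unauthenticated", UNAUTH), ("short", SHORT)):
        for guard in (False, True):
            ok, kept, _ = simulate(guard, offered)
            print(f"{name:15} guard={guard!s:5} accepted={ok!s:5} kept={kept}")
```

Without the guard, the stored key silently becomes the weaker one; with it, the original key survives and the refused replacement is recorded for alerting.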
Recent threats to Bluetooth technology:
- In July this year, a vulnerability called Bluetooth Vulnerability Flaw was discovered by a group of researchers. This vulnerability stemmed from two critical design weaknesses in Bluetooth Low Energy (BLE), the most widely used low-energy communication protocol. During device reconnection, the first issue was that authentication was optional, while the second was that the authentication process could be avoided.
- In May 2020, a new attack class called Spectra, which focused on combo WiFi and Bluetooth chips, was discovered by academics from Germany and Italy. This vulnerability exploited the interfaces between wireless cores, where one core can be used for denial of service (DoS) and information disclosure, while the other one can be used for code execution.
- In the same month, another security flaw called Bluetooth Impersonation Attacks (BIAS) was discovered. This vulnerability allowed attackers to spoof paired devices. An attacker can insert a rogue device into an established Bluetooth pairing, presenting it as a trusted endpoint.
Our security experts suggest avoiding communicating sensitive information like passwords over Bluetooth. Enable “discoverable” mode only when it is needed for pairing with devices. They also suggest switching off Bluetooth when it is not in use to avoid any possible cyberattack. Finally, update Bluetooth-enabled devices to patch any exploitable flaws.