A new Bluetooth vulnerability could allow an attacker to downgrade or bypass Bluetooth encryption keys, opening the door to man-in-the-middle (MITM) attacks or other malicious exploits.
The bug, called “BLURtooth”, is located in a component of the Cross-Transport Key Derivation (CTKD) standard, leaving devices vulnerable to man-in-the-middle attacks or other exploits. It affects all “dual-mode” devices running Bluetooth 4.0 or 5.0, which include the iPad Pro and the iPhone 11.
According to a security notice from the Bluetooth Special Interest Group (SIG), researchers at Purdue University and the École Polytechnique Fédérale de Lausanne discovered that CTKD can allow escalation of access between two devices.
CTKD is meant to let a dual-mode device pair once over one transport (Bluetooth Classic or Low Energy) and derive the key for the other transport. However, the researchers found that an attacker could exploit CTKD to overwrite other Bluetooth keys, giving them access to other Bluetooth-compatible apps or services on an affected device. SIG notes that the vulnerability could be used to overwrite keys entirely, or to force a downgrade to keys that use weaker encryption.
“This may allow a Man In The Middle (MITM) attack between devices that were previously bound using authenticated pairing when both of these devices are vulnerable,” SIG wrote.
Attackers may also be able to forge the identity of a paired device to gain access to authenticated services.
In theory, attacks like these could lead to data theft or other malicious activity. However, it is not yet clear whether device-level limitations or platform security features reduce the risk.
Who’s in danger from BLURtooth
At this time, there is no timeline for a patch. Until one is available, the only practical way to reduce the risk on affected devices may be to be careful about which Bluetooth devices you pair your device with.
Apple’s iOS security features may provide some level of protection: Apple requires apps to get the user’s permission before connecting to a service or accessory over Bluetooth, and app sandboxing should prevent a compromised service from accessing data belonging to other apps.
In addition, SIG notes that the updated Bluetooth 5.1 standard includes a mechanism that can be deployed to mitigate the attack. Devices running Bluetooth 5.1 should therefore be considered safe.