Unpatched Bluetooth vulnerability allows hackers to connect to nearby devices
September 10, 2020
A newly disclosed vulnerability in the ubiquitous Bluetooth wireless standard could enable hackers to connect to devices remotely in a given area and access users’ applications.
The vulnerability, dubbed Blurtooth, was detailed on Wednesday by the Bluetooth SIG industry body that oversees development of the standard. There are currently no patches available.
Bluetooth is found in billions of devices worldwide ranging from smartphones to “internet of things” gadgets. In the consumer technology world, it’s commonly used to power short-range connections for tasks such as pairing wireless earbuds with a handset. But Bluetooth also supports longer-range data transfer over distances of as much as several hundred feet, a range that hackers could potentially exploit using Blurtooth to launch attacks.
The vulnerability harnesses a weakness in the way Bluetooth verifies the security of connections. Normally, a user must manually approve a connection request before their device is linked to another system, but Blurtooth makes it possible to circumvent this defense. A hacker can configure a malicious system to impersonate a Bluetooth device that the user had already approved, such as their wireless earbuds, and gain access to the Bluetooth-enabled apps on the user’s machine.
Blurtooth attacks rely on a built-in Bluetooth security feature known as Cross-Transport Key Derivation, or CTKD. Normally, this feature is used to help encrypt connections. But a hacker could exploit it to hijack the authentication key of a previously approved device, which is what makes it possible to impersonate legitimate endpoints and thereby circumvent the need for the user to approve inbound connections.
The limited wireless range of Bluetooth reduces the threat posed by the vulnerability. The two editions of the technology affected, Low Energy and Basic Rate, only support connections over distances of up to 300 or so feet. But the widespread support for those two Bluetooth editions in consumer devices means that a large number of endpoints could potentially be vulnerable.
The Bluetooth SIG industry body stated that all devices using Bluetooth versions 4.0 through 5.0 are affected. The newest 5.2 version, which isn’t yet widely adopted, apparently isn’t vulnerable, while the 5.1 release has certain built-in features that device makers can turn on to block Blurtooth attacks.
In a security notice, Bluetooth SIG said it’s “broadly communicating” details of the vulnerability with device makers to speed up the industry response. The group is “encouraging them to rapidly integrate any necessary patches.” It’s not yet clear when patches will become available or which devices will need them.
The Blurtooth vulnerability was discovered by researchers from Switzerland’s École Polytechnique Fédérale de Lausanne (EPFL) and Purdue University.