Researchers from the École Polytechnique Fédérale de Lausanne (EPFL) and Purdue University have discovered a vulnerability in the Bluetooth protocol, versions 4.2 through 5.0.
A flaw was found in the way the Bluetooth Security Manager, as implemented in the Linux kernel, handles encryption key propagation between the BR/EDR and LE physical transports.
On systems that enable pairing over both physical transports simultaneously (so-called dual-mode systems), an attacker can pair over the first transport using a weaker authentication method; this also results in an encryption key update for the second transport, with a key derived from the first via a feature called Cross-Transport Key Derivation (CTKD).
An attacker within Bluetooth radio range could use this flaw to access Bluetooth resources on the system that they would otherwise be unable to access.
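The key-propagation problem described above, as an added illustrative model (this is not the kernel's code; the authentication levels, the key store and the derivation helper are assumptions made for the model): a dual-mode key store that accepts a CTKD-derived key unconditionally is compared with one that refuses to replace an existing transport key with one derived from weaker authentication.

```python
from dataclasses import dataclass
from enum import IntEnum


class AuthLevel(IntEnum):
    """Assumed ordering of pairing strength for the model."""
    UNAUTHENTICATED = 1   # e.g. Just Works: no MITM protection
    AUTHENTICATED = 2     # e.g. numeric comparison or passkey entry


@dataclass
class TransportKey:
    transport: str        # "BR/EDR" or "LE"
    auth: AuthLevel       # authentication level the key was obtained with
    source: str           # "pairing" or "ctkd" (derived from the other transport)


class DualModeKeyStore:
    """One stored key per physical transport, with an optional downgrade check."""

    def __init__(self, refuse_downgrade: bool):
        self.keys: dict[str, TransportKey] = {}
        self.refuse_downgrade = refuse_downgrade

    def store(self, key: TransportKey) -> bool:
        existing = self.keys.get(key.transport)
        # Hardened policy: never replace a key with one of weaker authentication.
        if self.refuse_downgrade and existing and key.auth < existing.auth:
            return False
        self.keys[key.transport] = key
        return True


def derive_cross_transport(key: TransportKey, other: str) -> TransportKey:
    """CTKD model: the derived key inherits the strength of the key it came from."""
    return TransportKey(other, key.auth, "ctkd")


def simulate(refuse_downgrade: bool):
    """Return (ctkd_key_accepted, resulting LE auth level) for the given policy."""
    store = DualModeKeyStore(refuse_downgrade)
    # The device was previously paired over LE with an authenticated method.
    store.store(TransportKey("LE", AuthLevel.AUTHENTICATED, "pairing"))
    # A new BR/EDR pairing completes with only unauthenticated (Just Works) security.
    weak = TransportKey("BR/EDR", AuthLevel.UNAUTHENTICATED, "pairing")
    store.store(weak)
    # CTKD then offers an LE key derived from that weaker BR/EDR pairing.
    accepted = store.store(derive_cross_transport(weak, "LE"))
    return accepted, store.keys["LE"].auth
```

With `refuse_downgrade=False` the existing authenticated LE key is silently replaced by an unauthenticated one; with `refuse_downgrade=True` the derived key is rejected and the original LE key survives.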
Current attack vector.
The attacker must be within physical radio transmission range for Bluetooth. Maximum range varies by Bluetooth hardware, from as short as 10 meters to as far as 100 meters.
This article will be updated as the situation unfolds.