Friday, October 23, 06:20

BLURtooth: vulnerability allows the replacement of Bluetooth authentication keys

A new attack on Bluetooth-capable devices, which has emerged in recent days, has worried organizations dealing with information technology.


The vulnerability, named BLURtooth, lies in a component of the Bluetooth standard called Cross-Transport Key Derivation (CTKD).

This component is used to set up authentication keys when pairing two Bluetooth-enabled devices.

The role of CTKD is to keep the keys ready and let the connected devices decide which version of the Bluetooth standard they want to use. Its main use is the Bluetooth "dual-mode" feature.

But according to security alerts released today by the Bluetooth Special Interest Group (SIG) and the CERT Coordination Center at Carnegie Mellon University (CERT/CC), an attacker could manipulate CTKD to replace Bluetooth authentication keys on a device and access other Bluetooth-enabled services and applications on the same device.

In some versions of the BLURtooth attack, authentication keys can be completely replaced, while in others, authentication keys can be downgraded to use weak encryption.

All devices that use versions 4.0 to 5.0 of the Bluetooth standard are vulnerable. Bluetooth 5.1 has features that can be enabled to prevent BLURtooth attacks.

There are currently no security updates to fix this vulnerability. The only way to protect against BLURtooth attacks is to control the environment in which Bluetooth devices are connected.

However, updates are expected to be available soon. They will most likely be delivered as firmware or operating system updates for Bluetooth-enabled devices. According to the Bluetooth SIG, the BLURtooth attack was discovered independently by two groups of academics from the École Polytechnique Fédérale de Lausanne (EPFL) and Purdue University.



Absent Mia