Bluetooth Bug Opens Devices to Man-in-the-Middle Attacks


The “BLURtooth” flaw allows attackers within wireless range to overwrite authenticated pairing keys and snoop on devices that implement Bluetooth 4.0 through 5.0.

A high-severity Bluetooth vulnerability has been uncovered, which could enable an unauthenticated attacker within wireless range to eavesdrop or alter communications between paired devices.

The flaw (CVE-2020-15802), discovered independently by researchers at the École Polytechnique Fédérale de Lausanne (EPFL) and Purdue University, is being referred to as “BLURtooth.” The issue lies in Cross-Transport Key Derivation (CTKD), a key-derivation mechanism used during pairing in Bluetooth 4.0 through 5.0 implementations.

“Devices… using [CTKD] for pairing are vulnerable to key overwrite, which enables an attacker to gain additional access to profiles or services that are not restricted, by reducing the encryption key strength or overwriting an authenticated key with an unauthenticated key,” according to a security advisory on Wednesday by the Carnegie Mellon CERT Coordination Center.

The ‘BLURtooth’ Attack

There are two Bluetooth transports relevant to the attack – the older Bluetooth Classic (also known as Bluetooth Basic Rate/Enhanced Data Rate, or BR/EDR) and the newer Bluetooth Low Energy (BLE). While BR/EDR is mainly used for audio applications such as wireless telephone connections, wireless headphones and wireless speakers, BLE is more often seen in wearables, smart IoT devices, fitness-monitoring equipment and battery-powered accessories such as keyboards.


CTKD is used when two dual-mode devices pair with each other – “dual-mode” meaning that they support both BLE and BR/EDR. With CTKD, the devices only need to pair over one transport, either BLE or BR/EDR, to obtain encryption keys for both: the BR/EDR Link Key and the BLE Long Term Key (LTK), one derived from the other.

However, a hole in CTKD makes it possible to lower the “strength” of these keys (further technical details on where specifically the vulnerability exists within CTKD, as well as the steps needed to exploit it, are not yet available). That in turn paves the way for an attacker to pair their own device with the target device, with no authentication needed.

For this attack to be successful, an attacker would need to be within wireless range of a vulnerable Bluetooth device. That range can be up to roughly 330 feet (100 meters) for Bluetooth 4.0 devices and up to about 800 feet (240 meters) for Bluetooth 5.0.

To be vulnerable, a device must support both the BR/EDR and BLE transports and must support CTKD. It must also allow a pairing or bonding to proceed transparently with no authentication, or with a weak key, on at least one of the two transports. That lets an attacker impersonate a previously paired device on the weaker transport, so that the unauthenticated key derived from that pairing replaces the authenticated key the device already holds for the other transport.

“If a device spoofing another device’s identity becomes paired or bonded on a transport, and CTKD is used to derive a key which then overwrites a pre-existing key of greater strength or that was created using authentication, then access to authenticated services may occur,” according to a security advisory on Wednesday by the Bluetooth Special Interest Group (SIG), the organization that oversees the development of Bluetooth standards. “This may permit a man-in-the-middle (MITM) attack between devices previously bonded using authenticated pairing when those peer devices are both vulnerable.”

The attacker could then sniff out communications between the two devices – allowing them to spy on messages or potentially even alter them.

Bluetooth Mitigations

The Bluetooth SIG is recommending that potentially vulnerable Bluetooth implementations introduce the restrictions on CTKD that have been mandated in Bluetooth Core Specification versions 5.1 and later. These restrictions prevent an authenticated key from being overwritten with an unauthenticated one, and prevent a key of a given length from being overwritten with a key of reduced length.
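As an added illustration of the key overwrite described in the two advisories above and of the 5.1+ restriction the SIG recommends (this is not code from the article, from the researchers or from any Bluetooth stack), the following Python models the per-peer key store of a dual-mode device and replays the attack against it twice, once with pre-5.1 "last writer wins" behaviour and once with the 5.1 rules enforced. The key-derivation function is a stand-in for the specification's AES-CMAC-based h6/h7 functions (HMAC-SHA256 is used so the script runs with the standard library); the two-step structure and the keyID labels follow the Core Specification. The key bytes, the 7-byte and 16-byte key sizes and the pairing history are constructed sample values.

```python
"""Model of the BLURtooth key overwrite and the Bluetooth 5.1+ CTKD restriction.

Added illustration, not code from the article or from any Bluetooth stack.
"""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, Optional

# keyID labels of the spec's two-step CTKD (LTK -> ILK -> Link Key, and the reverse).
CTKD_LABELS = {
    "BR/EDR": (b"tmp1", b"lebr"),   # derive a BR/EDR Link Key from an LE LTK
    "LE": (b"tmp2", b"brle"),       # derive an LE LTK from a BR/EDR Link Key
}


def _h(key: bytes, msg: bytes) -> bytes:
    # STAND-IN for the spec's h6/h7 functions (AES-CMAC). HMAC-SHA256 truncated to
    # 128 bits is used only so this script runs offline with the standard library.
    return hmac.new(key, msg, hashlib.sha256).digest()[:16]


def derive_cross_transport_key(source_key: bytes, target_transport: str) -> bytes:
    """Derive the key for `target_transport` from the key of the other transport."""
    tmp, label = CTKD_LABELS[target_transport]
    ilk = _h(source_key, tmp)      # intermediate link key
    return _h(ilk, label)


@dataclass(frozen=True)
class BondKey:
    transport: str        # "BR/EDR" or "LE"
    key: bytes
    length: int           # negotiated encryption key size in bytes (7..16)
    authenticated: bool   # True if pairing used a MITM-protected association model


class BondStore:
    """Per-peer key store; `enforce_5_1_rules` selects pre-5.1 vs 5.1+ behaviour."""

    def __init__(self, enforce_5_1_rules: bool) -> None:
        self.enforce_5_1_rules = enforce_5_1_rules
        self.keys: Dict[str, BondKey] = {}

    def store(self, new: BondKey) -> bool:
        """Return True if `new` was stored, False if the overwrite was refused."""
        old: Optional[BondKey] = self.keys.get(new.transport)
        if old is not None and self.enforce_5_1_rules:
            # 5.1+: never replace an authenticated key with an unauthenticated one ...
            if old.authenticated and not new.authenticated:
                return False
            # ... and never replace a key with one of reduced length.
            if new.length < old.length:
                return False
        self.keys[new.transport] = new   # pre-5.1: last writer wins
        return True


def blurtooth_scenario(enforce_5_1_rules: bool) -> dict:
    """Replay the attack from the advisories against a store with or without the 5.1 rules."""
    victim = BondStore(enforce_5_1_rules)

    # Constructed sample: the victim already holds an authenticated, full-length BR/EDR
    # Link Key for a trusted peer (e.g. a phone paired with numeric comparison).
    trusted_link_key = bytes(range(0x10, 0x20))
    victim.store(BondKey("BR/EDR", trusted_link_key, 16, True))

    # The attacker spoofs the trusted peer's identity and completes an unauthenticated
    # ("Just Works") LE pairing with a reduced 7-byte key. No LE key existed, so it is accepted.
    attacker_ltk = bytes(range(0xA0, 0xB0))
    victim.store(BondKey("LE", attacker_ltk, 7, False))

    # CTKD then derives a BR/EDR Link Key from the attacker-controlled LTK and tries to
    # install it over the trusted peer's authenticated key.
    derived = derive_cross_transport_key(attacker_ltk, "BR/EDR")
    overwritten = victim.store(BondKey("BR/EDR", derived, 7, False))

    final = victim.keys["BR/EDR"]
    return {
        "overwritten": overwritten,
        "bredr_authenticated": final.authenticated,
        "bredr_key_length": final.length,
        "bredr_key_is_attacker_derived": final.key == derived,
    }


if __name__ == "__main__":
    print("pre-5.1 :", blurtooth_scenario(False))
    print("5.1+    :", blurtooth_scenario(True))
```

Run as a script, the pre-5.1 store ends up holding a 7-byte, unauthenticated, attacker-derived BR/EDR key in place of the trusted peer's 16-byte authenticated one, which is the state from which the MITM described in the SIG advisory follows; with the 5.1 rules the overwrite is refused and the original key survives. Note that either rule alone would have blocked this particular overwrite (the new key is both unauthenticated and shorter), so an implementation should enforce both, since an attacker who can negotiate a full-length unauthenticated key would otherwise slip past a length-only check.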

“The Bluetooth SIG is also broadly communicating details on this vulnerability and its remedies to our member companies and is encouraging them to rapidly integrate any necessary patches,” the SIG added. “As always, Bluetooth users should ensure they have installed the latest recommended updates from device and operating system manufacturers.”

Several Bluetooth-based attacks have cropped up over the past year. In May, academic researchers uncovered security vulnerabilities in Bluetooth Classic that could have allowed attackers to spoof paired devices and capture sensitive data. In February, meanwhile, a critical vulnerability in the Bluetooth implementation on Android devices was discovered that could allow attackers to launch remote code-execution (RCE) attacks – without any user interaction.
