Search This Blog

Showing posts with label Bluetooth-enabled devices. Show all posts

A New Security Vulnerability Discovered in Bluetooth technology


Two teams of security researchers have discovered a new vulnerability in Bluetooth technology that has been confirmed by The Bluetooth Special Interest Group (SIG), the bloc responsible for Bluetooth interests. The flaw could potentially allow a hacker to take complete control of a user’s Bluetooth enabled device without authorization.

Bluetooth is a short-range, low powered, high-speed open wireless technology that uses the Internet of Things (IoT) for transmitting fixed and mobile electronic device data. Bluetooth replaces the cables that people conventionally used to connect devices, with an added purpose of keeping the communications secure. However, with convenience and productivity, Bluetooth also presents major security threats.

Devices using the Bluetooth standard 4.0 through 5.0 are vulnerable to a flaw called ‘BLURtooth’ in Cross-Transport Key Derivation (CTKD) - it allows an attacker to manipulate the CTKD component and overwrite authentication keys on the victim’s device. The Bluetooth 5.1 standard released by the Bluetooth SIG in January 2019 contains features that provide security against BLURtooth attacks.

Earlier this year, in May, academics from Italy and Germany identified yet another new type of attack ‘Spectra’, it was reported to break the separation between Wi-Fi and Bluetooth running on the same device. While relying upon the fact that transmissions happen in the same spectrum, the attack works against "combo chips".

In a blog post published on their website, the company told that for CTKD attack to be successful “an attacking device would need to be within wireless range of a vulnerable Bluetooth device supporting both BR/EDR and LE transports that supports CTKD between the transports and permits pairing on either the BR/EDR or LE transport either with no authentication (e.g. JustWorks) or no user-controlled access restrictions on the availability of pairing. If a device spoofing another device’s identity becomes paired or bonded on a transport and CTKD is used to derive a key which then overwrites a pre-existing key of greater strength or that was created using authentication, then access to authenticated services may occur. This may permit a Man In The Middle (MITM) attack between devices previously bonded using authenticated pairing when those peer devices are both vulnerable.”

“The Bluetooth SIG is also broadly communicating details on this vulnerability and its remedies to our member companies and is encouraging them to rapidly integrate any necessary patches. As always, Bluetooth users should ensure they have installed the latest recommended updates from device and operating system manufacturers,” the blog further read.

Security flaw in Bluetooth-enabled devices






A group of security researchers at the Center for IT-Security, Privacy, and Accountability (CISPA) found a flaw that could affect billions of Bluetooth-enabled devices, which includes smartphones, laptops, smart IoT devices, and other devices.

The experts named the vulnerability as CVE-2019-9506 and they tagged it as a KNOB (Key Negotiation of Bluetooth).

According to the researchers, the flaw in Bluetooth’s authentication protocols enables hackers to compromise the devices and spy on data transmitted between the two devices. The astonishing fact about the flaw is that the hackers could exploit this vulnerability even though the devices had been paired before.

However, the KNOB’s official website, every standard-compliant Bluetooth device could be exploited. “We conducted KNOB attacks on more than 17 unique Bluetooth chips (by attacking 24 different devices). At the time of writing, we were able to test chips from Broadcom, Qualcomm, Apple, Intel, and Chicony manufacturers. All devices that we tested were vulnerable to the KNOB attack,” it reads.

Bluetooth SIG has issued a security notice regarding the vulnerability.

  • Conditions for a successful attack:
  • Both the devices have to be vulnerable
  • Both the devices have to be within the range establishing a BR/EDR connection. If any of the devices are not affected by the vulnerability, the attack wouldn’t work
  • Direct transmissions between devices while pairing has to be blocked
  • Existing connections won’t lead to a successful attack — it has to be done during negotiation or renegotiation of a paired device connection


Bluetooth  SIG has started working on updating a remedy for the flaw.