Bluetooth Bug Opens Devices to Man-in-the-Middle Attacks
There are two types of Bluetooth protocols related to the attack - the older Bluetooth Classic (BR/EDR) and the newer Bluetooth Low Energy (BLE).
Cross-Transport Key Derivation (CTKD) is used when two dual-mode devices pair with each other - "dual-mode" meaning that they support both BLE and BR/EDR. With CTKD, the devices only need to pair over either BLE or BR/EDR to get the encryption keys - called Link Keys - for both transport types in one go.
"If a device spoofing another device's identity becomes paired or bonded on a transport, and CTKD is used to derive a key which then overwrites a pre-existing key of greater strength or that was created using authentication, then access to authenticated services may occur," according to a security advisory on Wednesday by the Bluetooth Special Interest Group, the organization that oversees the development of Bluetooth standards.
The Bluetooth SIG is recommending that potentially vulnerable Bluetooth implementations introduce the restrictions on CTKD that have been mandated in Bluetooth Core Specification versions 5.1 and later.
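The overwrite condition in the advisory's wording can be expressed as a guard in a device's bond store. The following is an added example, not code from the Bluetooth SIG, the Core Specification or any real stack; the record layout, function names and sample values are hypothetical, and the check is a reading of the quoted sentence rather than the specification's exact rule.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical bond-store record; names are illustrative, not from a real stack. */
struct bond_key {
    bool    present;        /* a key is stored for this peer on this transport */
    bool    authenticated;  /* key came from an authenticated pairing */
    uint8_t key_size;       /* key strength in bytes */
};

enum ctkd_verdict {
    CTKD_ACCEPT,
    CTKD_REJECT_UNAUTHENTICATED,  /* would replace an authenticated key */
    CTKD_REJECT_WEAKER            /* would replace a stronger key */
};

/* Check a CTKD-derived key against the key already stored for the other transport. */
enum ctkd_verdict ctkd_check(const struct bond_key *existing,
                             const struct bond_key *derived)
{
    if (!existing->present)
        return CTKD_ACCEPT;                  /* nothing to overwrite */
    if (existing->authenticated && !derived->authenticated)
        return CTKD_REJECT_UNAUTHENTICATED;
    if (derived->key_size < existing->key_size)
        return CTKD_REJECT_WEAKER;
    return CTKD_ACCEPT;
}

/* Store the derived key only if the check passes; the verdict is returned for logging. */
enum ctkd_verdict ctkd_store(struct bond_key *slot, const struct bond_key *derived)
{
    enum ctkd_verdict v = ctkd_check(slot, derived);
    if (v == CTKD_ACCEPT)
        *slot = *derived;
    return v;
}

int main(void)
{
    /* Constructed sample: an authenticated 16-byte key is already bonded. */
    struct bond_key slot    = { true, true, 16 };
    struct bond_key derived = { true, false, 16 };  /* from an unauthenticated pairing */
    enum ctkd_verdict v = ctkd_store(&slot, &derived);
    printf("verdict=%d, stored key still authenticated=%d\n", v, slot.authenticated);
    return 0;
}
```

A rejected verdict is worth logging with the peer address, since it marks a pairing that tried to replace an existing bond with a weaker one.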
In February a critical vulnerability in the Bluetooth implementation on Android devices was discovered that could allow attackers to launch remote code-execution attacks - without any user interaction.