New Unpatched Bluetooth Flaw Lets Hackers Easily Target Nearby Devices (Security News, September 2020)
Bluetooth SIG, an organization that oversees the development of Bluetooth standards, today issued a statement informing users and vendors of a newly reported unpatched vulnerability that potentially affects hundreds of millions of devices worldwide.
Discovered independently by two separate teams of academic researchers, the flaw resides in the Cross-Transport Key Derivation (CTKD) of devices supporting both the Basic Rate/Enhanced Data Rate (BR/EDR) and Bluetooth Low Energy (BLE) standards.
Cross-Transport Key Derivation is a Bluetooth component responsible for negotiating the authentication keys when pairing two Bluetooth devices that support both transports, also known as "dual-mode" devices.
Dubbed 'BLURtooth' and tracked as CVE-2020-15802, the flaw exposes devices powered with Bluetooth 4.0 or 5.0 technology, allowing attackers to connect without authorization to a targeted nearby device by overwriting the authenticated key or reducing the encryption key strength.
"The Bluetooth SIG further recommends that devices restrict when they are pairable on either transport to times when user interaction places the device into a pairable mode or when the device has no bonds or existing connections to a paired device," the researchers said.
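The following C example is added here and is not code from the article, the Bluetooth SIG, or any real Bluetooth stack. It applies the pairable-mode restriction quoted above and, as an assumed host-side policy, refuses a CTKD-derived key that would replace a stored authenticated key with an unauthenticated one or shorten the encryption key; the `bond_key`, `device_state` and `ctkd_store_key` names are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical bond record for one peer on one transport (not a real stack's type). */
typedef struct {
    bool present;         /* a key is already stored */
    bool authenticated;   /* key came from an authenticated pairing */
    uint8_t key_size;     /* encryption key size in bytes */
} bond_key;

typedef struct {
    bool user_pairable_mode;  /* user interaction placed the device in pairable mode */
    unsigned bond_count;      /* bonds currently stored */
    unsigned active_links;    /* existing connections to paired devices */
} device_state;

typedef enum { CTKD_ACCEPT, CTKD_REJECT_NOT_PAIRABLE, CTKD_REJECT_DOWNGRADE } ctkd_result;

/* Pairable only after user action, or when there are neither bonds nor connections. */
bool pairing_allowed(const device_state *s) {
    if (s->user_pairable_mode) return true;
    return s->bond_count == 0 && s->active_links == 0;
}

/* Decide whether a key derived on one transport may be stored for the other.
 * Assumed policy: never let a derived key weaken what is already stored. */
ctkd_result ctkd_store_key(const device_state *s, bond_key *stored, const bond_key *derived) {
    if (!pairing_allowed(s)) return CTKD_REJECT_NOT_PAIRABLE;
    if (stored->present) {
        if (stored->authenticated && !derived->authenticated) return CTKD_REJECT_DOWNGRADE;
        if (derived->key_size < stored->key_size) return CTKD_REJECT_DOWNGRADE;
    }
    *stored = *derived;
    stored->present = true;
    return CTKD_ACCEPT;
}

int main(void) {
    /* Constructed case: bonded device in pairable mode, peer offers an unauthenticated key. */
    device_state s = { true, 1, 1 };
    bond_key stored = { true, true, 16 };
    bond_key derived = { true, false, 16 };
    ctkd_result r = ctkd_store_key(&s, &stored, &derived);
    printf("result=%d stored.authenticated=%d\n", (int)r, (int)stored.authenticated);
    return 0;
}
```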
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/NkwAwbaPRGQ/new-bluetooth-vulnerability.html
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-09-11 | CVE-2020-15802 | Improper Authentication vulnerability in Bluetooth Core Specification Devices supporting Bluetooth before 5.1 may allow man-in-the-middle attacks, aka BLURtooth. | 5.9 |