Security News

There are two types of Bluetooth protocols related to the attack - the older Bluetooth Classic and newer Bluetooth Low Energy. The process of CTKD is utilized when two dual-mode devices pair with each other - "Dual-mode" meaning that they support both BLE and BR/EDR. The process means the devices only need to pair over either BLE or BR/EDR to get the encryption keys - called Link Keys - for both transport types in one go.

Bluetooth SIG-an organization that oversees the development of Bluetooth standards-today issued a statement informing users and vendors of a newly reported unpatched vulnerability that potentially affects hundreds of millions of devices worldwide. Discovered independently by two separate teams of academic researchers, the flaw resides in the Cross-Transport Key Derivation of devices supporting both - Basic Rate/Enhanced Data Rate and Bluetooth Low Energy standard.

A security vulnerability in the Cross-Transport Key Derivation of devices supporting both Bluetooth BR/EDR and LE could allow an attacker to overwrite encryption keys, researchers have discovered. The implementation of CTKD in older versions of the specification "May permit escalation of access between the two transports with non-authenticated encryption keys replacing authenticated keys or weaker encryption keys replacing stronger encryption keys," the Bluetooth Special Interest Group explains.

As first reported by Ars Technica, Bridgefy was promoting itself earlier this year as the app of choice for protesters in Hong Kong and India to organise their activities without being easily spied upon by law enforcement agencies. The app uses both the internet and Bluetooth Low Energy for passing messages between users, falling back to the latter as a mesh network if wider internet connectivity is unavailable.

Offensive Security has released Kali Linux 2020.3, the latest iteration of the popular open source penetration testing platform. Kali NetHunter - Kali's mobile pentesting platform/app - has been augmented with Bluetooth Arsenal, which combines a set of Bluetooth tools in the app with pre-configured workflows and use cases.

Apptricity announced the launch of its new 20-Mile Ultra Long-Range Bluetooth beacon. This new Bluetooth, from the Apptricity Development Group, is the longest-ranging secure connection on the market, with the ability to transmit data up to 20 miles outdoors and penetrate up to 20 floors indoors.

Renesas Electronics Corporation announced sample shipment availability of the new RYZ012 Bluetooth module targeting ultra-low power IoT applications. The RYZ012 also includes a battery monitor to measure battery capacity and detect low power in battery-operated devices.

The creators of the Mooltipass hardware password manager have unveiled the Mooltipass Mini BLE, a Bluetooth-enabled version of the device that includes many new and useful features. Back in 2016, SecurityWeek reviewed the second generation of the Mooltipass open source hardware password manager, the Mooltipass Mini.

Laird Connectivity has announced the upcoming Sterling-LWB5+ Wi-Fi 5 and Bluetooth 5.1 module. Laird Connectivity's new Sterling-LWB5+ was intentionally designed for industrial IoT applications where performance, size, cost, and ruggedness are required to deliver reliable wireless connectivity.

The Bluetooth standard includes a legacy authentication procedure and a secure authentication procedure, allowing devices to authenticate to each other using a long term key. We describe each vulnerability in detail, and we exploit them to design, implement, and evaluate master and slave impersonation attacks on both the legacy authentication procedure and the secure authentication procedure.