A vulnerability in the ubiquitous Bluetooth wireless standard, dubbed Blurtooth, could enable hackers to connect to devices remotely in a given area and access users’ applications.
Bluetooth is found in billions of devices worldwide ranging from smartphones to “internet of things” gadgets. In the consumer technology world, it’s commonly used to power short-range connections for tasks such as pairing wireless earbuds with a handset. Bluetooth also supports longer-range data transfer over distances of as much as several hundred feet, a range that hackers could potentially exploit using Blurtooth to launch attacks.
The vulnerability harnesses a weakness in the way Bluetooth verifies the security of connections. Normally, a user must manually approve a connection request before their device is linked to another system, but Blurtooth makes it possible to circumvent this defense.
A hacker can configure a malicious system to impersonate a Bluetooth device that the user had already approved, such as their wireless earbuds, and gain access to the Bluetooth-enabled apps on the user’s machine.
Blurtooth attacks rely on a built-in Bluetooth security feature known as CTKD (Cross-Transport Key Derivation). Normally, this feature is used to help encrypt connections. A hacker could exploit it to hijack the authentication key of a previously approved device, which makes it possible to impersonate legitimate endpoints and thereby circumvent the need for the user to approve inbound connections.
The limited wireless range of Bluetooth reduces the threat posed by the vulnerability. The two editions of the technology affected, Low Energy and Basic Rate, only support connections over distances of up to 300 or so feet.
The widespread support for those two Bluetooth editions in consumer devices means that a large number of endpoints could potentially be vulnerable.
All devices using Bluetooth versions 4.0 through 5.0 are affected. The newest 5.2 version, which isn’t yet widely adopted, apparently isn’t vulnerable, while the 5.1 release has certain built-in features that device makers can turn on to block Blurtooth attacks.
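The key-replacement problem described above, as a simplified Python model added here (not code from the Bluetooth specification or any vendor stack): a bond store that accepts any CTKD-derived key, beside one that refuses to replace a stored key with an unauthenticated or shorter one. The class names, fields and peer address are hypothetical, and the restriction shown is an assumption about the kind of check a device maker would enable.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class LinkKey:
    """One stored bond key (fields simplified for this example)."""
    value: bytes
    authenticated: bool  # True if pairing included user confirmation
    key_size: int        # effective key length in bytes


class BondStore:
    """Toy per-peer key store for a dual-mode (BR/EDR + LE) device."""

    def __init__(self, restrict_ctkd: bool):
        self.restrict_ctkd = restrict_ctkd
        self.keys = {}  # (peer_address, transport) -> LinkKey

    def pair(self, peer, transport, key):
        """Normal pairing on one transport stores that transport's key."""
        self.keys[(peer, transport)] = key

    def ctkd_write(self, peer, target_transport, derived):
        """Store a key derived for the other transport via CTKD.

        Returns True if the derived key was stored, False if rejected.
        """
        existing = self.keys.get((peer, target_transport))
        if self.restrict_ctkd and existing is not None:
            # Hardened rule (assumed): never downgrade an existing bond.
            if existing.authenticated and not derived.authenticated:
                return False
            if derived.key_size < existing.key_size:
                return False
        self.keys[(peer, target_transport)] = derived
        return True


def demo(restrict_ctkd):
    """Constructed scenario: a peer is bonded with an authenticated key,
    then an unauthenticated CTKD-derived key arrives for the same slot.
    Returns (write_accepted, trusted_key_still_stored)."""
    store = BondStore(restrict_ctkd)
    peer = "AA:BB:CC:DD:EE:FF"  # constructed address
    trusted = LinkKey(b"\x11" * 16, authenticated=True, key_size=16)
    store.pair(peer, "BR/EDR", trusted)
    weak = LinkKey(b"\x22" * 16, authenticated=False, key_size=16)
    accepted = store.ctkd_write(peer, "BR/EDR", weak)
    return accepted, store.keys[(peer, "BR/EDR")] == trusted
```

With the restriction off, `demo(False)` shows the approved device's key silently replaced; with it on, `demo(True)` shows the write rejected and the original bond intact.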