Devices with Bluetooth 4.0 and 5.0 have been compromised and cannot be fixed

Researchers in the United States and Switzerland have independently discovered a new vulnerability in some implementations of the Bluetooth protocol, versions 4.0 through 5.0. Using it, an attacker can gain full access to a smartphone by overwriting the keys used to pair devices. The vulnerability has been named BLURtooth.

The vulnerability can be used against devices that support both the higher-throughput Bluetooth Classic (BR/EDR) standard and the energy-efficient Bluetooth Low Energy (BLE), provided they use the Cross-Transport Key Derivation (CTKD) pairing method. With CTKD, a dual-mode device pairs only once, over one of the two transports, and the keys for the other transport are derived from that single pairing.

The long-term keys generated during pairing can be overwritten when a later connection requests a higher security level, and this is the behaviour the BLUR attacks exploit. Beyond giving an attacker full access to applications on the targeted device, the attacks also make it possible to eavesdrop on the victim's smartphone unnoticed.

It is also noted that BLUR attacks cannot be ruled out entirely, because the problem lies in the protocol itself rather than in the software of particular devices. As a partial mitigation, the Bluetooth SIG recommends that OEMs adopt the restrictions on Cross-Transport Key Derivation that are already mandated in the Core Specification for Bluetooth 5.1 and later.
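The following is an added illustration, written for this page and not taken from the article, from the researchers, or from any Bluetooth stack. It models the key-overwrite step described above (a pairing on one transport producing, via CTKD, a key that replaces the other transport's existing key) and the kind of restriction the recommendation refers to. The acceptance rule (a derived key may not replace an existing key that is stronger, or that was MITM-authenticated when the new one is not) is a simplified reading of the 5.1+ restriction and is an assumption of this model; the peer address, key sizes and pairing records are constructed.

```python
"""Simplified model of a dual-mode key store with and without the
cross-transport key-derivation (CTKD) overwrite restriction.

Added example, not code from the article or from any Bluetooth stack.
The acceptance rule in install_derived() is a simplified model of the
restriction mandated from Bluetooth 5.1 onwards (assumption).
"""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class PairingKey:
    """One long-term key (LE) or link key (BR/EDR) held for a peer."""
    transport: str        # "LE" or "BR/EDR"
    key_bits: int         # effective strength; 128 for Secure Connections pairing
    authenticated: bool   # True when pairing protected against MITM (not Just Works)
    via_ctkd: bool        # True if derived from the other transport's key


OTHER = {"LE": "BR/EDR", "BR/EDR": "LE"}


class KeyStore:
    """Per-peer key store, keyed by (peer address, transport)."""

    def __init__(self, enforce_ctkd_restrictions: bool) -> None:
        self.enforce = enforce_ctkd_restrictions
        self._keys: Dict[Tuple[str, str], PairingKey] = {}

    def get(self, peer: str, transport: str) -> Optional[PairingKey]:
        return self._keys.get((peer, transport))

    def pair(self, peer: str, transport: str, key_bits: int, authenticated: bool) -> None:
        """Record a key from a pairing run directly on `transport`, then run CTKD
        to derive the other transport's key (dual-mode device with CTKD enabled)."""
        direct = PairingKey(transport, key_bits, authenticated, via_ctkd=False)
        self._keys[(peer, transport)] = direct
        # A CTKD-derived key inherits the strength and authentication of its source.
        derived = PairingKey(OTHER[transport], key_bits, authenticated, via_ctkd=True)
        self.install_derived(peer, derived)

    def install_derived(self, peer: str, key: PairingKey) -> bool:
        """Install a CTKD-derived key; returns False if the restriction rejects it."""
        existing = self._keys.get((peer, key.transport))
        if self.enforce and existing is not None:
            # Modelled 5.1+ rule: never let a derived key downgrade an existing one.
            if key.key_bits < existing.key_bits:
                return False
            if existing.authenticated and not key.authenticated:
                return False
        self._keys[(peer, key.transport)] = key
        return True


def blur_overwrite_scenario(enforce: bool) -> Dict[str, PairingKey]:
    """Replay the key-overwrite step with or without the restriction and
    return the keys the store ends up holding for each transport."""
    store = KeyStore(enforce_ctkd_restrictions=enforce)
    peer = "AA:BB:CC:DD:EE:FF"  # constructed peer address
    # Step 1: a legitimate, MITM-protected LE Secure Connections pairing.
    # CTKD also gives the device an authenticated BR/EDR key for this peer.
    store.pair(peer, "LE", key_bits=128, authenticated=True)
    # Step 2: a later Just Works (unauthenticated) pairing over BR/EDR using the
    # same address. With CTKD it yields an LE key that would replace step 1's.
    store.pair(peer, "BR/EDR", key_bits=128, authenticated=False)
    return {t: store.get(peer, t) for t in ("LE", "BR/EDR")}


if __name__ == "__main__":
    for enforce in (False, True):
        keys = blur_overwrite_scenario(enforce)
        print(f"restriction={'on' if enforce else 'off'}:", keys["LE"])
```

Without the restriction, the unauthenticated pairing in step 2 silently replaces the authenticated LE key; with it, the derived key is refused and the original LE key survives. Only the cross-transport path is gated here; a pairing run directly on a transport still replaces that transport's own key, as it would in a real stack.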