Bluetooth Unveils Its Latest Security Issue, With No Security Solution
Over the years, Bluetooth has gathered a large number of dedicated users and enthusiasts despite evident vulnerabilities during its inception phase.
The manufacturers of this wireless data transfer technology issued a statement concerning the recent threat Bluetooth-enabled devices may face. The statement, however, does not include possible solutions at the moment.
The threat was revealed when researchers working at the Bluetooth Special Interest Group, and some from Carnegie Mellon, called the attention of the company’s board to the issue.
It was named “BLURtooth”. According to the report, the set of commands Android and iOS devices use when linking with other Bluetooth-enabled devices can be intercepted by an attacker to gain access to other applications or services affiliated with Bluetooth on the phone.
The root of the issue lies in the Cross-Transport Key Derivation (CTKD) protocol.
The function of CTKD is to provide two authentication passkeys whenever a Bluetooth device wants to pair: one for a device using the “Bluetooth Low Energy” standard, and the other for the “Basic Rate/Enhanced Data Rate” standard.
The quantity of data required differs from one device to another, and battery energy also differs among mobile devices.
The ability to correctly delegate standards for devices that require more data (like Chromecast) and for those that require less data (like smartwatches) proves to be more efficient. It may not, however, be secure.
Judging from the study, a phone that uses both standards but does not request authentication or any kind of permission from the receiving device is prone to attack; an attacker within range can use its CTKD protocol to create their own competing key.
According to the researchers, through that connection, this kind of ersatz authentication may let bad actors weaken the encryption initially used by these keys, which exposes the owner to subsequent attacks, or perform intermediary attacks that steal unsecured data sent by the phone.
I know, I know, this is a lot to process, but let us take it small small..
We don’t have cases of BLUR-based attacks occurring in the wild, but for safety’s sake, the Bluetooth Special Interest Team went round informing device vendors about the possibility of these attacks. The team advised those worried about potentially vulnerable connections to employ Bluetooth 5.1’s handy CTKD restrictions.
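As an added illustration (not from the original post and not the Bluetooth specification's text), here is a simplified Python model of the key-overwrite problem described above and of the kind of check that stops it: a CTKD-derived key is refused when it is unauthenticated or shorter than the key already stored for that device. The class names, fields and the sample address are constructed for this example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class BondKey:
    transport: str       # "LE" or "BR/EDR"
    authenticated: bool  # True if the pairing was authenticated
    key_size: int        # encryption key size in bytes
    via_ctkd: bool       # True if derived from the other transport's key

class BondStore:
    """Constructed model of a phone's stored pairing keys, per peer and transport."""

    def __init__(self, restrict_ctkd=True):
        self.restrict_ctkd = restrict_ctkd
        self.keys = {}  # (peer address, transport) -> BondKey

    def offer(self, peer, new):
        """Try to store `new` for `peer`; return (accepted, reason)."""
        old = self.keys.get((peer, new.transport))
        if old and new.via_ctkd and self.restrict_ctkd:
            # A derived key must never downgrade what is already bonded.
            if old.authenticated and not new.authenticated:
                return False, "unauthenticated key would replace authenticated key"
            if new.key_size < old.key_size:
                return False, "weaker key would replace stronger key"
        self.keys[(peer, new.transport)] = new
        return True, "stored"

def demo(restrict_ctkd):
    """Replay the overwrite scenario with and without the restriction."""
    store = BondStore(restrict_ctkd)
    peer = "AA:BB:CC:DD:EE:FF"  # constructed address
    # The owner's original pairing: authenticated, full-length key on BR/EDR.
    store.offer(peer, BondKey("BR/EDR", True, 16, False))
    # Later, an unauthenticated pairing on the other transport makes CTKD
    # derive a competing BR/EDR key for the same peer address.
    return store.offer(peer, BondKey("BR/EDR", False, 16, True))

if __name__ == "__main__":
    print("no restriction:  ", demo(False))
    print("with restriction:", demo(True))
```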
For the moment, Bluetooth 4.0 and 5.0 devices are still bedeviled by these security lapses. If you still use these slightly archaic versions, the Bluetooth Company’s corporate statement advises you to protect your device by being extra vigilant when pairing your devices, because a hacker would need some level of proximity to carry out an attack.
Certain other steps can be taken to protect your Bluetooth device, but at the moment, patching isn’t an option. Right now there is no clue from the company as to when a patch is expected, so we are left at the mercy of OS operators and Bluetooth vendors to find a solution quickly.
Until then, my people, be wary of Bluetooth transfers.
In layman terms Them don dey hack phone through Bluetooth oh!! Make you off your Bluetooth so that “bet I” “ bet I” no go enter case..
Lovely day from Zudera