BLURtooth – A new Vulnerability Let Attackers to Overwrite the Authentication Keys



Security researchers from at the École Polytechnique Fédérale de Lausanne (EPFL) and Purdue University discovered vulnerabilities related to Cross-Transport Key Derivation (CTKD) with Bluetooth BR/EDR and LE in Bluetooth Specifications 4.0 through 5.0.

Bluetooth BR/EDR and LE that using Cross-Transport Key Derivation (CTKD) are vulnerable to key overwrite which allows attackers to gain additional access to profiles by reducing the encryption strength.

Read more…