Your new post is loading...
The “BLURtooth” flaw allows attackers within wireless range to bypass authentication keys and snoop on devices utilizing implementations of Bluetooth 4.0 through 5.0.
A high-severity Bluetooth vulnerability has been uncovered, which could enable an unauthenticated attacker within wireless range to eavesdrop or alter communications between paired devices.
The flaw (CVE-2020-15802), discovered independently by researchers at the École Polytechnique Fédérale de Lausanne (EPFL) and Purdue University, is being referred to as “BLURtooth.” The issue exists in the pairing process for Bluetooth 4.0 through 5.0 implementations. This pairing process is called Cross-Transport Key Derivation (CTKD).
“Devices… using [CTKD] for pairing are vulnerable to key overwrite, which enables an attacker to gain additional access to profiles or services that are not restricted, by reducing the encryption key strength or overwriting an authenticated key with an unauthenticated key,” according to a security advisory on Wednesday by the Carnegie Mellon CERT Coordination Center.
Learn more / En savoir plus / Mehr erfahren:
https://www.scoop.it/t/securite-pc-et-internet/?&tag=Bluetooth
The “BLURtooth” flaw allows attackers within wireless range to bypass authentication keys and snoop on devices utilizing implementations of Bluetooth 4.0 through 5.0.
A high-severity Bluetooth vulnerability has been uncovered, which could enable an unauthenticated attacker within wireless range to eavesdrop or alter communications between paired devices.
The flaw (CVE-2020-15802), discovered independently by researchers at the École Polytechnique Fédérale de Lausanne (EPFL) and Purdue University, is being referred to as “BLURtooth.” The issue exists in the pairing process for Bluetooth 4.0 through 5.0 implementations. This pairing process is called Cross-Transport Key Derivation (CTKD).
“Devices… using [CTKD] for pairing are vulnerable to key overwrite, which enables an attacker to gain additional access to profiles or services that are not restricted, by reducing the encryption key strength or overwriting an authenticated key with an unauthenticated key,” according to a security advisory on Wednesday by the Carnegie Mellon CERT Coordination Center.
Learn more / En savoir plus / Mehr erfahren:
https://www.scoop.it/t/securite-pc-et-internet/?&tag=Bluetooth