A security advisory explains that when CTKD is used for pairing dual-mode Bluetooth devices, the procedure happens only once over one of the two data transport methods. In the process,
Long Term Keys / Link Keys (LTK/LK) are generated and they can be overwritten for cases where the transport enforces a higher level of security, which is what a BLUR attack takes advantage of. An attacker in the Bluetooth proximity of a vulnerable target device
could spoof the identity of a paired device to overwrite the original key and access authenticated services. BLURtooth is also suitable for man-in-the-middle (MitM) type of attacks, with the attacker sits between two vulnerable devices that had been linked
using authenticated pairing.
Learn more >