Blueliv Intelligence Briefing
Your cybersecurity news summary
Welcome to today’s intelligence briefing, covering noteworthy items on the cybersecurity news agenda.
Find these stories on the Blueliv Threat Exchange Network, a global community of thousands of cybersecurity experts, IT professionals and academics. Membership is free.
BLURtooth vulnerability allows attacking Bluetooth encryption process
A security advisory explains that when CTKD is used for pairing dual-mode Bluetooth devices, the procedure happens only once over one of the two data transport methods. In the process, Long Term Keys / Link Keys (LTK/LK) are generated and they can be overwritten for cases where the transport enforces a higher level of security, which is what a BLUR attack takes advantage of. An attacker in the Bluetooth proximity of a vulnerable target device could spoof the identity of a paired device to overwrite the original key and access authenticated services. BLURtooth is also suitable for man-in-the-middle (MitM) type of attacks, with the attacker sits between two vulnerable devices that had been linked using authenticated pairing. Learn more >