Why it matters: Most newer Bluetooth devices are easier to pair thanks to the Just Works security model implemented in Bluetooth 4.0 and later standards. However, this additional convenience can be used by an attacker to compromise all of your Bluetooth devices.
The Bluetooth Special Interest Group has confirmed today that there are new security flaws in Bluetooth 4.x and Bluetooth 5.0 that would allow an attacker within wireless range to overwrite the pairing key and so gain access to other Bluetooth devices that you may have paired using the pairing they have compromised.
The shortcomings were identified by two separate research teams at Purdue University and the École Polytechnique Fédérale de Lausanne, and are collectively referred to as “BLURtooth”.
This means that the problem affects millions of smartphones, tablets, laptops, and countless IoT devices that support dual-mode pairing. An attacker could take advantage of the fact that these devices, when paired over either BLE or BR/EDR, derive the connection keys for both transport types without having to repeat the pairing process.
Many devices are paired with the Just Works security model, which does not protect against man-in-the-middle (MITM) attacks or passive eavesdropping. The attacker can therefore use this convenience to impersonate a Bluetooth device and gain access to other devices that use strong encryption keys.
The good news is that these attacks require the hacker to be within radio range, which in practice can be much smaller than the theoretical maximums in the official specification. Bluetooth SIG is currently working with manufacturers to develop firmware updates for affected devices. The upcoming Bluetooth 5.1 specification will contain restrictions that prevent encryption keys from being overwritten.
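The restriction the article describes, a rule that stops a key derived from an unauthenticated pairing from replacing one that was established with MITM protection, can be illustrated with a small model. The code below is an added example, not code from the article or from the Bluetooth SIG: it models a dual-mode device's key store with a switchable overwrite policy, replaces the specification's actual cross-transport derivation functions with a labelled HMAC, and ignores per-peer identities so that only the key-replacement decision is visible. The scenario in `simulate()` (an authenticated BR/EDR key already in place, then a Just Works BLE pairing that triggers cross-transport key derivation) is constructed for illustration.

```python
"""Toy model of a dual-mode device's key store and cross-transport key derivation.

Illustrative model only, not the Bluetooth specification's algorithm: the real
derivation functions are replaced by a labelled HMAC so that the overwrite
policy is the visible part.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass


@dataclass(frozen=True)
class LinkKey:
    transport: str       # "BR/EDR" or "BLE"
    key: bytes
    authenticated: bool  # True when the pairing had MITM protection; False for Just Works


def derive_cross_transport(src: LinkKey, target_transport: str) -> LinkKey:
    """Derive the other transport's key from an existing one (illustrative HMAC)."""
    derived = hmac.new(src.key, target_transport.encode(), hashlib.sha256).digest()[:16]
    # A derived key can be no stronger than the pairing it came from.
    return LinkKey(target_transport, derived, src.authenticated)


class KeyStore:
    """Key store with a switchable policy for replacing existing keys."""

    def __init__(self, restrict_overwrite: bool):
        self.restrict_overwrite = restrict_overwrite
        self.keys = {}  # transport name -> LinkKey

    def install(self, new: LinkKey) -> bool:
        existing = self.keys.get(new.transport)
        if existing is not None and self.restrict_overwrite:
            # Hardened policy: a key from an unauthenticated (Just Works) pairing
            # must never replace a key that was established with MITM protection.
            if existing.authenticated and not new.authenticated:
                return False
        self.keys[new.transport] = new
        return True

    def pair(self, transport: str, authenticated: bool, ctkd: bool = True) -> dict:
        """Complete a pairing on one transport; with ctkd on, also derive the other key."""
        fresh = LinkKey(transport, os.urandom(16), authenticated)
        result = {transport: self.install(fresh)}
        if ctkd:
            other = "BLE" if transport == "BR/EDR" else "BR/EDR"
            result[other] = self.install(derive_cross_transport(fresh, other))
        return result


def simulate(restrict_overwrite: bool) -> dict:
    """Constructed scenario: an authenticated BR/EDR key exists, then a Just Works
    BLE pairing triggers cross-transport derivation of a new BR/EDR key."""
    store = KeyStore(restrict_overwrite)
    store.pair("BR/EDR", authenticated=True, ctkd=False)
    original_bredr = store.keys["BR/EDR"]
    outcome = store.pair("BLE", authenticated=False)
    current_bredr = store.keys["BR/EDR"]
    return {
        "bredr_overwritten": current_bredr != original_bredr,
        "bredr_authenticated": current_bredr.authenticated,
        "ctkd_accepted": outcome["BR/EDR"],
    }


if __name__ == "__main__":
    for policy in (False, True):
        print("restrict_overwrite=%s -> %s" % (policy, simulate(policy)))
```

With `restrict_overwrite=False` the strong BR/EDR key is silently replaced by an unauthenticated one; with the restriction on, the derived key is rejected and the original authenticated key survives. The check is deliberately placed in `install()` rather than in the derivation step, so that it applies regardless of which transport the weaker pairing arrived on.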
However, this is becoming a worrying trend, with two serious security vulnerabilities exposed every year – from exploits as simple as pressing a button to attacks that make it trivial to track you through your smartphone or wearables.