Bluetooth vulnerability in the Cross-Transport Key Derivation (CTKD), which is a component of the Bluetooth standard.
When pairing two Bluetooth devices, the CTKD component is in charge of negotiating and setting up authentication keys.
By exploiting the CTKD to replace the keys, a hacker can take advantage of Bluetooth’s vulnerability and get extra access to both devices.
“For this attack to be successful, an attacking device would need to be within wireless range of a vulnerable Bluetooth device supporting both BR/EDR and LE transports that supports CTKD between the transports and permits pairing on either the BR/EDR or LE transport either with no authentication.
When both peer devices are weak, this could open the door for a Man In The Middle (MITM) attack between devices that have previously bonded through authorised pairing.
SIG advises users to “rapidly integrate any relevant changes” in the same notice.
Users of Bluetooth should always make sure they have installed the most recent updates that device and operating system makers have advised.
Further steps you should be taking to stay safe when using Bluetooth are:
- Disable Bluetooth when it’s not in use. This will reduce the chance that an attacker will see your device and attempt to hack it.
- Use the ‘hidden’ mode. This mode prevents unfamiliar devices from recognizing and paring with your device. If you choose to add a new device, you’ll need to disable this feature to pair it.
- Try to only use Bluetooth in secure areas. Public areas, like airports and hotels, are more likely to have hackers nearby.
- Always reject pairing requests from unknown devices.
- Keep your software up-to-date at all times.
Your device’s Bluetooth vulnerability is always open and waiting for potential connections when it is turned on.
Our advice is to turn it off if you’re not using it right away or if you’re in a public place.