Updated: BLURtooth Vulnerability Allows Attackers Overwrite Bluetooth Encryption

bluetooth blurtooth vulnerability

A new report from ZDNet exposes that a new Bluetooth vulnerability called BLURtooth has emerged. This allows the attackers to weaken and overwrite the Bluetooth encryption giving access to authenticated services.

This vulnerability lets the attackers get unwanted authentication on the targetted devices. Besides, all the devices with Bluetooth 4.0 or Bluetooth 5.0 technology are exposed to this BLURtooth vulnerability.

This was highlighted by two separate research studies by Bluetooth Special Interest Group (SIG) and the CERT Coordination Center at the Carnegie Mellon University (CERT/CC).


Moreover, BLURtooth’s primary use if for the Bluetooth devices with the ‘dual-mode’ feature. In fact, BLURtooth is a vulnerable component in the Bluetooth standard called Cross-Transport Key Derivation (CTKD).

For your context, this CTKD is the same component that is used to set up authentication keys when you pair two devices.

An attacker can use this vulnerability on devices supporting Bluetooth Classic and Low Energy (LE) data transport methods. Then BLURtooth will set up two unique authentication keys for both devices.


The main use of CTKD is to let the connecting Bluetooth devices select what version of the standard they want to use. For instance, either Bluetooth Low Energy (BLE) or Basic Rate/Enhanced Data Rate (BR/EDR) standard.

BLURtooth can change the CTKD component to overwrite Bluetooth authentication

As per the research studies, it is found that an attacker can manipulate this CTKD component. Which will, in turn, overwrite the Bluetooth authentication.

Apparently, letting the attacker in on the connected devices via Bluetooth. Well, there are two ways how BLURtooth vulnerability can come into play.


Firstly, an attacker can use it to completely overwrite the authentication keys. However, this depends on the version of the Bluetooth.  The other way is BLURtooth can be used to weaken the encryption and gain access to the connected devices.

Good thing is that the devices running Bluetooth 5.1 come with features that will guard them against these BLURtooth attacks. ZDNet notes that Bluetooth SIG officials are communicating with vendors.

And are notifying them about the potential threat of this new vulnerability. Besides, they are also looking at options on how this issue can be prevented.


Solution…Well, patches should be available soon when they are ready

As this is a fairly recently discovered issue, a patch is currently not available at the moment. However, we are sure that the authorized parties are taking this matter very seriously.

Though, nothing is clear as to when the patch will be available for the masses. Some OEMs might take this on high priority, while others may not prioritize security patches.

Whatever the case may be, we will keep an eye out on any further developments in this regard.


Update: 9/11/2020

A spokesperson from the Bluetooth SIG has reached out to provide the following statement for clarification purposes.

We’d like to provide a few clarifications regarding the BLURtooth vulnerability. The initial public statement from the Bluetooth SIG indicated the vulnerability could impact devices using Bluetooth Core Specification versions 4.0 through 5.0. However, that that has now been corrected to indicate just versions 4.2 and 5.0. In addition, the BLURtooth vulnerability does not impact all devices using these versions. To be potentially open to attack, a device must support both BR/EDR and LE simultaneously, support cross-transport key derivation, and leverage pairing and derived keys in a specific way. The fix for this issue is outlined in the Bluetooth Core Specification 5.1 and later, and the Bluetooth SIG has recommended to members with vulnerable product that they incorporate this change into older designs, where possible. The Bluetooth SIG works closely with the research community to identify and resolve potential vulnerabilities in advance of research announcements like today. You can read more about the Bluetooth SIG’s approach to security here: https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/