Bluetooth developers have warned of a new vulnerability. A way to protect against it has not yet been found.
Image via: pikist.com
Hackers have learned to overwrite authentication keys. The gaps gave the name BLURtooth. It is located in the Cross-Transport Key Derivation, which is just needed to configure authentication keys when establishing communication between two devices. This component generates two types of keys at once: the first is applicable to the Bluetooth Low Energy standard, and the second to Basic Rate / Enhanced Data Rate. CTKD is designed to prepare these keys, and it is also needed to allow gadgets to determine which version of the Bluetooth standard they are going to use.
With BLURtooth, attackers are able to manipulate CTKD and overwrite authentication keys. As a result, other Bluetooth services and installed applications become available to the hacker. There is currently no way to fix the vulnerability. It affects all devices with Bluetooth version 4.0 to 5.0.
Earlier, experts evaluated the effectiveness of insurance for theft of money from bank cards.