BLURtooth video, new CVE, and GH repo
I’m glad to share three updates about the BLURtooth paper.
We successfully tested the BLUR attacks on a Google Pixel 6 (Bluetooth 5.2) and submitted our findings to Google. They classified the report with high severity, assigned CVE-2022-20361, and shipped fixes as part of August’s Android Security bulletin. More details about the fixes can be found here. This is yet another finding demonstrating that the attacks are effective on all Bluetooth versions supporting CTKD unlike stated in this note from the Bluetooth SIG .
After following responsible disclosure we also publish the instructions to reproduce the BLUR attacks in a GitHub repository.
Below you can find the paper presentation streamed at AsiaCCS'22: