BLURtooth video, new CVE, and GH repo

Aug 17, 2022 1 min read

I’m glad to share three updates about the BLURtooth paper.

We successfully tested the BLUR attacks on a Google Pixel 6 (Bluetooth 5.2) and submitted our findings to Google. They classified the report with high severity, assigned CVE-2022-20361, and shipped fixes as part of August’s Android Security bulletin. More details about the fixes can be found here. This is yet another finding demonstrating that the attacks are effective on all Bluetooth versions supporting CTKD unlike stated in this note from the Bluetooth SIG .

After following responsible disclosure we also publish the instructions to reproduce the BLUR attacks in a GitHub repository.

Below you can find the paper presentation streamed at AsiaCCS'22:

blur
Daniele Antonioli
Daniele Antonioli
Assistant Professor

Research in cyber-physical and wireless system security

comments powered by Disqus

Related