BLURtooth (BLUR Attacks) Disclosure

Since January 2020 we’ve been working on a security analysis of Bluetooth cross-transport key-derivation (CTKD). In May 2020 we reported to the Bluetooth SIG a set of CTKD vulnerabilities and related attacks (i.e., the BLURtooth report about the BLUR attacks) and kept our findings private.

The 10th of September 2020 the Bluetooth SIG posted the following security note without letting us know: Bluetooth SIG Statement Regarding the Exploiting Cross-Transport Key Derivation in Bluetooth Classic and Bluetooth Low Energy Vulnerability (BLURtooth).

To clarify our position with respect to such security note we release a public disclosure statement and an updated version of the BLURtooth technical report. Enjoy!

Bonus track:

Daniele Antonioli
Daniele Antonioli
Postdoc at EPFL -> Asst. prof at EURECOM

I’m interested in cyber-physical and wireless systems security.

comments powered by Disqus