blur

I’m glad to share three updates about the BLURtooth paper. We successfully tested the BLUR attacks on a Google Pixel 6 (Bluetooth 5.2) and submitted our findings to Google. They classified the report with high severity, assigned CVE-2022-20361, and shipped fixes as part of August’s Android Security bulletin.

Since January 2020 we’ve been working on a security analysis of Bluetooth cross-transport key-derivation (CTKD). In May 2020 we reported to the Bluetooth SIG a set of CTKD vulnerabilities and related attacks (i.