Tag: BLE

BLURTooth Vulnerabilities

28 September 2020 by Phillip Johnston • Last updated 15 August 2023The BLURTooth vulnerabilities exploit a flaw in “cross-transport key derivation” (CTKD), which is used in “dual-mode” devices which support both Bluetooth Classic (BT) and Bluetooth Low Energy (BLE). CTKD is used to improve the pairing experience for devices that support both BLE and BT. Users can pair the device once, through either BT or BLE, and necessary keys for all transports will be generated. This prevents users from needing to pair a device multiple times, once with BT and once with BLE. BLURTooth exploits vulnerabilities in CTKD to enable …

Continue reading “BLURTooth Vulnerabilities”

To access this content, you must purchase a Membership - check out the different options here. If you're a member, log in.

Sweyntooth BLE Vulnerabilities

29 February 2020 by Phillip Johnston • Last updated 18 August 2020On 11 February 2020, the SweynTooth family of Bluetooth vulnerabilities was announced by the ASSET Research Group at the Singapore University of Technology and Design. These vulnerabilities highlight the dangers of blindly relying on a vendor’s security testing process, as well as flaws with BLE certification testing. If you’re interested in this topic, we encourage you to read the original paper. The paper is well-written and goes into greater detail than is covered here. Overview SweynTooth is a family of 12 public vulnerabilities, with additional vulnerabilities under non-disclosure, that …

Continue reading “Sweyntooth BLE Vulnerabilities”

To access this content, you must purchase a Membership - check out the different options here. If you're a member, log in.