ORSHIN Attack Defense Framework

Bluetooth Cross-Transport Key Derivation (BLUR)

Description

Bluetooth Cross-Transport Key Derivation (BLUR)

Risk Assessment: 9.8

CWE

287

CVE

15802

20361

Attack Surfaces

Controller Implementation (MITRE EMB3D PID-11)

BLE (MITRE EMB3D PID-4111)

Security Manager Protocol (MITRE EMB3D PID-4113)

LMP

Pairing

MagicPairing

CTKD

Attack Vectors

Entropy downgrade (MITRE EMB3D TID-411)

Cross-transport pairing

No IO downgrade (MITRE EMB3D TID-411)

Defenses

Prevent cross-transport key tampering: Disable key overwrite with weaker keys

Enforce strong association mechanisms: Track associations for paired devices and abort on downgrade request

Prevent role switching: Track asymmetries in roles between BT and BLE