Blurtooth security vulnerability? AirID is safe – Blurtooth has no chance with AirID.
Düsseldorf, 21.09.2020, certgate, one of the leading specialists in mobile IT security, emphasizes that all AirID products are not affected by the Blurtooth security gap. AirID connections are secure, because only BLE with authenticated pairing are allowed.
Researchers of the Swiss École Polytechnique Fédérale de Lausanne and the US-American Purdue University have independently discovered the vulnerability and have alerted SIG to the problem. All devices that use Bluetooth versions 4.2 to 5.0 will be affected. The security gap is known as Blurtooth because it enables so-called Blur attacks. With such attacks, hackers can gain access to personal data on a device, which is stored there without further restrictions, as Futurezone.at reports. The gap is found in the Cross-Transport-Key-Derivation (CTKD) function, which is essential for Bluetooth and thanks to which two devices exchange cryptographic keys. (Official publication on Bluetooth.com)
AirID is secure because AirID only uses Bluetooth Low Energy and only allows Authenticated Pairing and AirID uses an additional secure AES256 encryption, which is completely independent from the Bluetooth standard implementation. Thus the security (encryption) of the AirID Bluetooth connection to the computer, smartphone or tablet is independent of the operating system and implementation of the devices. This AirID security and encryption has been tested by the German Federal Office for Information Technology (BSI) and approved for use in government agencies for protected information (VS-NfD) in conjunction with the mobile app SecurePIM.
certgate continuously invests in research and development of the AirID product family. For example, all AirID readers have the additional encryption and can even be equipped with additional functions and protection via software update if required.