Preface: Bluetooth Low Energy (BLE) is a low power wireless communication technology that can be used over a short distance to enable smart devices to communicate. … Today, the majority of Android and iOS devices on the market incorporate BLE for communication and interaction with other devices.
Ref I: CTKD pairing allows the devices to pair once using either transport method while generating both the BR/EDR and LE Long Term Keys (LTK) without needing to pair a second time.
Ref II: Bonding: First, do Pairing to have a secure link, then exchange keys for the next time we meet, so that we don’t need to perform Pairing again to have a secure link.
Vulnerability details: Multiple devices supporting both Bluetooth BR/EDR and LE using Cross-Transport Key Derivation (CTKD) for pairing could allow a remote malicious user to conduct a man-in-the-middle attack.
Remedy:The affected devices include all products using Bluetooth 4.0 to 5.0. Bluetooth after version 5.1 will not be affected due to the addition of restrictions on CTKD.