Researchers at the EURECOM Graduate School of Engineering have developed six attack methods on Bluetooth connections that can intercept and decrypt data, compromising past and future connections. The attacks are collectively referred to as BLUFFS.
The BLUFFS attacks were made possible by the discovery of two previously unknown vulnerabilities in the Bluetooth standard related to deriving the session keys used to encrypt exchanged data. These vulnerabilities are not related to hardware or software configuration, but are rooted in the architecture of the Bluetooth standard at a fundamental level. They have been assigned the identifier CVE-2023-24023 and affect Bluetooth specification versions 4.2 (released in December 2014) through 5.4 (released in February 2023), although the exploit was confirmed to work on a slightly different set of versions. Given the widespread use of the protocol and the variety of attacks across its versions, BLUFFS can work on billions of devices, including smartphones and laptops.
The BLUFFS series of exploits aims to compromise the security of Bluetooth communications, thereby jeopardizing the privacy of past and future device connections. The result is achieved by exploiting four vulnerabilities in session key derivation, which force the key to be weak and predictable. This allows an attacker to brute-force the key, decrypting previous communications and manipulating future ones. The attack scenario assumes that the attacker is within Bluetooth range of both devices and impersonates one of the parties during session key negotiation, offering the smallest possible key entropy value together with a constant diversifier.
The BLUFFS series of attacks includes scenarios in which an attacker impersonates another entity as well as a man-in-the-middle (MitM) attack, and they work regardless of whether the victims support Secure Connections. A set of tools demonstrating the exploits was released by the EURECOM researchers on GitHub. The accompanying paper (PDF) presents test results of BLUFFS on a variety of devices, including smartphones, laptops and headphones with Bluetooth versions 4.1 to 5.2, all of which are vulnerable to at least three of the six exploits. The researchers have proposed protections for the wireless protocol that can be implemented while maintaining backward compatibility with already released vulnerable devices. Bluetooth SIG, the organization responsible for the communications standard, reviewed the work and published a statement in which it called on the manufacturers responsible for implementations to increase security through settings that enforce higher encryption strength and to use "Secure Connections Only" mode when pairing.
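As an added illustration (not code from the EURECOM toolkit or the paper), here is the kind of policy check a device stack could apply to each session-key negotiation the article describes: it rejects the minimal key size and the repeated diversifier the attack relies on, and enforces Secure Connections as Bluetooth SIG recommends. The record format, field names, sample addresses and the 16-byte minimum are assumptions, not values from the page.

```python
from dataclasses import dataclass, field

# Assumed policy value: the article only says "increased encryption strength";
# 16 bytes is the largest key size the negotiation can produce.
MIN_KEY_BYTES = 16


@dataclass
class SessionOffer:
    """One session-key negotiation as seen by the defending device (constructed format)."""
    peer: str                 # peer address as a string
    key_size: int             # negotiated encryption key size in bytes (1..16)
    diversifier: bytes        # session diversifier offered by the peer
    secure_connections: bool  # True if Secure Connections pairing was used


@dataclass
class NegotiationPolicy:
    min_key_bytes: int = MIN_KEY_BYTES
    require_secure_connections: bool = True
    # peer -> diversifiers already seen for that peer (to catch a constant one)
    seen: dict = field(default_factory=dict)

    def evaluate(self, offer: SessionOffer) -> list:
        """Return the reasons to reject the offer; an empty list means accept."""
        reasons = []
        if offer.key_size < self.min_key_bytes:
            reasons.append(f"key size {offer.key_size} below minimum {self.min_key_bytes}")
        if self.require_secure_connections and not offer.secure_connections:
            reasons.append("legacy pairing instead of Secure Connections")
        history = self.seen.setdefault(offer.peer, set())
        if offer.diversifier in history:
            reasons.append("diversifier reused from an earlier session")
        history.add(offer.diversifier)  # remember it even when rejecting
        return reasons


def triage(offers):
    """Evaluate offers in order; returns (peer, accepted, reasons) for each."""
    policy = NegotiationPolicy()
    results = []
    for offer in offers:
        reasons = policy.evaluate(offer)
        results.append((offer.peer, not reasons, reasons))
    return results


# Constructed sample: two normal sessions, then an offer shaped like the attack
# the article describes (smallest key size, repeated diversifier, no Secure Connections).
SAMPLE_OFFERS = [
    SessionOffer("AA:BB:CC:DD:EE:01", 16, b"\x11" * 16, True),
    SessionOffer("AA:BB:CC:DD:EE:01", 16, b"\x22" * 16, True),
    SessionOffer("AA:BB:CC:DD:EE:01", 1, b"\x22" * 16, False),
]
```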