In a groundbreaking discovery, researchers at Eurecom have developed a series of attacks that target Bluetooth sessions, collectively named BLUFFS (Bluetooth Forward and Future Secrecy). These attacks pose a serious threat to the privacy and security of Bluetooth-enabled devices.
BLUFFS, discovered by researcher Daniele Antonioli, exploits two previously unknown vulnerabilities in the Bluetooth standard. These architectural flaws, tracked as CVE-2023-24023, affect Bluetooth Core Specifications from versions 4.2 to 5.4, indicating a fundamental issue in the technology's design rather than in specific hardware or software.
BLUFFS attacks can break the encryption of Bluetooth sessions, allowing threat actors to impersonate devices and carry out Man-in-the-Middle (MitM) attacks, compromising the communication secrecy between devices.
The impact of these vulnerabilities is vast, as Bluetooth is a ubiquitous technology used in smartphones, laptops, tablets and a wide range of other Bluetooth-enabled gadgets.
The BLUFFS attacks enable attackers to force the derivation of a short, weak and predictable session key (SKC), making it easier to brute-force the key and decrypt both past and future communications. However, the attacker must remain within Bluetooth range of the targeted devices.
In the Eurecom research paper detailing the BLUFFS vulnerabilities, various commonly used devices were tested and found susceptible to these Bluetooth security flaws. The devices analyzed include a broad range of smartphones, laptops and even earphones, all vulnerable to at least three of the six types of BLUFFS attacks.
To counteract these vulnerabilities, the researchers have proposed several backward-compatible mitigations:
These measures could significantly enhance session key derivation and mitigate the risks posed by BLUFFS and similar threats.
Adding to the concerns, the recent enhancement of Bluetooth capabilities in Flipper Zero, a popular multi-functional device, allows users to flood iOS, Android and Windows devices with numerous fake Bluetooth connection requests. This capability, particularly effective against iOS devices, underscores the evolving nature of threats targeting Bluetooth technology and the need for continuous vigilance.
While Bluetooth remains a crucial component of modern communication technology, the discovery of novel ways to penetrate its defenses could make it challenging to keep connections secure and private.