BLUFFS Bluetooth Attacks Pose Major Threat: A Researcher’s Study
November 29, 2023
Daniele Antonioli, an assistant professor at EURECOM, has unveiled a series of new attacks that break the forward and future secrecy of Bluetooth sessions. Once an attacker recovers a session key, they can impersonate devices and mount man-in-the-middle attacks, undermining the protections that Bluetooth pairing and session establishment are meant to provide. The attacks, named BLUFFS (Bluetooth Forward and Future Secrecy), exploit two new vulnerabilities in the way Bluetooth derives session keys: derivation is unilateral (one side's inputs determine the key) and repeatable (the same inputs yield the same key again in later sessions).
Antonioli tested the attacks against 17 different Bluetooth chips and found them to be broadly effective across the ecosystem. He states, “As the attacks affect Bluetooth at the architectural level, they are effective regardless of the victim’s hardware and software details.” According to the Bluetooth Special Interest Group (SIG), which assigned CVE-2023-24023 to the issue, the BLUFFS attacks allow an attacker to force a weak session encryption key in real time, recover it, and then mount live injection attacks on the traffic between the targeted devices.
The researcher has also released a low-cost toolkit that uses seven patches to manipulate and observe the derivation of Bluetooth session keys. In addition, Antonioli developed an enhanced key derivation function for Bluetooth that stops all six attacks and addresses their root causes, and which could be incorporated into the standard.
The BLUFFS attacks assume an attacker within Bluetooth range of two victim devices who can capture the plaintext packets exchanged during session establishment, knows the victims' Bluetooth addresses, can craft packets, and can negotiate arbitrary capabilities. The adversary targets the victim's current Bluetooth session and forces it onto a weak session key; because the same key can be re-derived in other sessions, that one key can then be used to decrypt and inject traffic in past and future sessions as well.
According to Antonioli, the BLUFFS attacks stem from four architectural vulnerabilities in Bluetooth session establishment, two of them novel, which together allow the same key to be derived across sessions. All tested chips and devices were susceptible to the new attacks, and the researcher concludes that the “BLUFFS attacks are practical and have a large-scale impact on the Bluetooth ecosystem.” The Bluetooth SIG was informed of the attacks in October 2022, and vendors including Google, Intel, Apple, Qualcomm, and Logitech have also been notified. Several of them have confirmed that they are working on fixes.