New Security Threats in Bluetooth Technology: The BLUFFS Attacks

In a groundbreaking discovery, researchers at Eurecom have developed a series of attacks that target Bluetooth sessions, collectively named BLUFFS (Bluetooth Forward and Future Secrecy). These attacks pose a serious threat to the privacy and security of Bluetooth-enabled devices.

The Nature of BLUFFS Attacks

BLUFFS, discovered by researcher Daniele Antonioli, exploits two previously unknown vulnerabilities in the Bluetooth standard. These architectural flaws, tracked as CVE-2023-24023, affect Bluetooth Core Specifications from versions 4.2 to 5.4, indicating a fundamental issue in the technology's design rather than in specific hardware or software.

BLUFFS attacks can break the encryption of Bluetooth sessions, allowing threat actors to impersonate devices and carry out Man-in-the-Middle (MitM) attacks, compromising the communication secrecy between devices.

Implications for Device Security

The impact of these vulnerabilities is vast, as Bluetooth is a ubiquitous technology used in smartphones, laptops, tablets and a wide range of other Bluetooth-enabled gadgets.

The BLUFFS attacks enable criminals to derive a short, weak and predictable session key (SKC), making it easier to brute force and decrypt past and future communications. However, the perpetrator must remain within Bluetooth range of the targeted devices.

In the Eurecom research paper detailing the BLUFFS vulnerabilities, various commonly used devices were tested and found susceptible to these Bluetooth security flaws. The devices analyzed include a broad range of smartphones, laptops and even earphones, all vulnerable to at least three of the six types of BLUFFS attacks.

Recommended Mitigations

To counteract these vulnerabilities, the researchers have proposed several backward-compatible mitigations:

• Enforcing SC (Secure Connections) mode could stop the attacks when both targets support SC
• Maintain a cache of seen session key diversifiers to prevent recycling
• Requiring an attacker in the Central role to authenticate the pairing key

These measures could significantly enhance session key derivation and mitigate the risks posed by BLUFFS and similar threats.

Emerging Threats: Flipper Zero’s Bluetooth Capabilities

Adding to the concerns, the recent enhancement of Bluetooth capabilities in Flipper Zero, a popular multi-functional device, allows users to flood iOS, Android and Windows devices with numerous fake Bluetooth connection requests. This capability, particularly effective against iOS devices, underscores the evolving nature of threats targeting Bluetooth technology and the need for continuous vigilance.

While Bluetooth remains a crucial component of modern communication technology, the discovery of novel ways to penetrate its defenses could make it challenging to keep connections secure and private.