Bluetooth Attack: BLUFFS Vulnerabilities Expose Personal Data

It was European researcher Daniele Antonioli, associate professor at EURECOM, who discovered a major new security issue plaguing the Bluetooth standard. The six security vulnerabilities in question, collectively named BLUFFS, make it possible to undermine the secrecy of Bluetooth sessions, let an attacker impersonate other devices, and open the door to man-in-the-middle (MITM) attacks.

An examination of the analysis published by Antonioli shows that the problem does not concern specific hardware or software implementations of Bluetooth. Rather, it lies in the architecture itself and therefore affects Bluetooth at a low level (Bluetooth Core Specification from version 4.2 up to 5.4, released in February 2023).

Given the “universal” use of the Bluetooth standard, the impact of the BLUFFS vulnerabilities could be truly extensive, affecting billions of devices including notebooks, smartphones and other mobile devices.

How BLUFFS attacks on Bluetooth work

BLUFFS is an acronym for Bluetooth Forward and Future Secrecy Attacks and Defenses. The name comes from the fact that the attacks identified by the European researcher exploit four defects in the session key derivation process. Two of these are completely new and make it possible to force the derivation of a short, and therefore weak and predictable, session key.

After exploiting the flaws in the derivation process, the attacker can launch a brute-force attack to guess the session key, allowing past Bluetooth communications to be decrypted and future communications to be manipulated.

As a prerequisite for the attack, the attacker must physically be within Bluetooth range of the two devices that are exchanging data. The attacker must pass off one of their own devices as one of the devices involved in the communication in order to steal the session key. By pretending to be a legitimate participant, the attacker can propose an entropy value for the key that is as low as possible.

Testing the attacks with the toolkit and steps to make Bluetooth connections stronger

The technical document shared by Antonioli presents six variations of BLUFFS attacks covering different combinations. The toolkit published on GitHub demonstrates the practical value of the discovery and contains a Python script to test the attacks, patches targeting the ARM platform, and PCAP samples captured during testing.

Antonioli shared several proposed changes that are backwards compatible and improve the key derivation procedure, helping to mitigate the risks. The Bluetooth SIG (Special Interest Group), an organization that closely follows the evolution of the standard, not only confirmed receipt of the EURECOM report but also published a series of recommendations. Specifically, the Bluetooth SIG experts suggest rejecting Bluetooth connections with weak keys (less than seven octets), using Security Mode 4 Level 4, which ensures a higher cryptographic level, and activating Secure Connections Only mode during the device pairing phase.
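The following is an added example, not code from the article or from the BLUFFS toolkit: one way a host could enforce the seven-octet floor by parsing the controller's reply to the HCI Read Encryption Key Size command and failing closed. It goes beyond the article in assuming the host reads the key size over HCI; the `secure_connections` and `sc_only` parameters and the sample event bytes are constructed for illustration.

```python
import struct

MIN_KEY_OCTETS = 7              # floor recommended by the Bluetooth SIG (per the article)
MAX_KEY_OCTETS = 16             # largest session key size Bluetooth allows
EVT_CMD_COMPLETE = 0x0E         # HCI Command Complete event code
OP_READ_ENC_KEY_SIZE = 0x1408   # OGF 0x05, OCF 0x0008

# Constructed sample events for connection handle 0x000B (not captured traffic).
WEAK_EVENT = bytes.fromhex("0e07010814000b0001")    # 1-octet key
STRONG_EVENT = bytes.fromhex("0e07010814000b0010")  # 16-octet key


def parse_key_size(event: bytes):
    """Return (handle, key_size) from a Command Complete event for
    HCI Read Encryption Key Size; raise ValueError on anything else."""
    if len(event) < 2 or event[0] != EVT_CMD_COMPLETE:
        raise ValueError("not a Command Complete event")
    params = event[2:]
    if event[1] != len(params) or len(params) < 7:
        raise ValueError("truncated or malformed event")
    # num_hci_cmds, opcode, status, connection handle, key size (little endian)
    _ncmd, opcode, status, handle, key_size = struct.unpack_from("<BHBHB", params)
    if opcode != OP_READ_ENC_KEY_SIZE:
        raise ValueError("unexpected opcode")
    if status != 0:
        raise ValueError(f"controller returned status 0x{status:02x}")
    return handle & 0x0FFF, key_size


def link_policy(event: bytes, secure_connections: bool, sc_only: bool = True):
    """Return ("keep" | "disconnect", reason). Parse errors fail closed."""
    try:
        handle, key_size = parse_key_size(event)
    except ValueError as exc:
        return ("disconnect", str(exc))
    if not MIN_KEY_OCTETS <= key_size <= MAX_KEY_OCTETS:
        return ("disconnect",
                f"handle {handle}: {key_size}-octet key ({8 * key_size} bits) rejected")
    if sc_only and not secure_connections:
        return ("disconnect", f"handle {handle}: peer did not use Secure Connections")
    return ("keep", f"handle {handle}: {key_size}-octet key")


if __name__ == "__main__":
    for name, evt in (("weak", WEAK_EVENT), ("strong", STRONG_EVENT)):
        print(name, link_policy(evt, secure_connections=True))
```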
