Researchers at Eurecom have uncovered a series of attacks that could compromise Bluetooth connections across numerous devices. The newly identified vulnerabilities, termed 'BLUFFS', enable attackers to break the secrecy of Bluetooth sessions, which could lead to unauthorized device impersonation and man-in-the-middle (MitM) exploits.
Exploiting the Bluetooth Standard
The BLUFFS attack series takes advantage of four critical issues in the Bluetooth key derivation process to manipulate the generation of weak session keys. Attackers could then more easily brute-force these keys and gain the ability to decrypt and manipulate data exchanged between devices. While session establishment traditionally relies on the protocol's established security measures, BLUFFS bypasses these defenses by forcing the derivation of a predictable session key that can be more readily compromised.
The researchers have identified and provided details on six different attack possibilities that stem from these vulnerabilities, which affect Bluetooth Core Specification versions 4.2 through 5.4. Given the ubiquity of Bluetooth in today's devices, spanning from smartphones to laptops, the threat scope of BLUFFS is considered to be extensive.
Addressing Bluetooth Security Risks
In their technical paper, the Eurecom team demonstrates the success rate of BLUFFS attacks against a variety of devices. Moreover, they offer backward-compatible solutions to mitigate these and other potential threats, such as upgrading the Key Derivation Function (KDF) and enforcing stronger mutual authentication during the pairing process.
The Bluetooth Special Interest Group (SIG) has acknowledged the reported flaws, tracked under CVE-2023-24023, and issued recommendations that call for rejecting connections below a certain key strength and for using the highest possible security modes during device pairing.
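As an added illustration of the host-side check the SIG recommendation implies (this is example code, not part of the Eurecom toolkit or any SIG publication), the following Python policy evaluator rejects links whose negotiated encryption key is too short and applies a stricter floor when Secure Connections is in use. The key-size floors, the assumed guess rate and the sample links are all assumptions chosen for illustration.

```python
"""Admission policy for negotiated Bluetooth BR/EDR links (added example).

Rejects links whose encryption key is shorter than a policy floor, which is the
kind of mitigation the SIG recommends against weak-key downgrades such as BLUFFS.
"""
from __future__ import annotations
from dataclasses import dataclass

MIN_KEY_OCTETS_LEGACY = 7      # assumed floor for links without Secure Connections
MIN_KEY_OCTETS_SC = 16         # assumed floor when both peers use Secure Connections
GUESSES_PER_SECOND = 1e9       # assumed attacker guess rate, only for the cost estimate


@dataclass
class LinkParams:
    peer: str
    key_octets: int            # negotiated encryption key size (BR/EDR allows 1..16)
    secure_connections: bool   # both sides completed Secure Connections pairing
    mutual_auth: bool          # mutual authentication completed before encryption


def brute_force_seconds(key_octets: int, rate: float = GUESSES_PER_SECOND) -> float:
    """Worst-case seconds to exhaust an 8*key_octets-bit key space at `rate` guesses/s."""
    return (2 ** (8 * key_octets)) / rate


def evaluate(link: LinkParams) -> tuple[bool, str]:
    """Return (accept, reason) for one negotiated link."""
    if not link.mutual_auth:
        return False, "mutual authentication not completed"
    if not 1 <= link.key_octets <= 16:
        return False, f"invalid key size {link.key_octets}"
    floor = MIN_KEY_OCTETS_SC if link.secure_connections else MIN_KEY_OCTETS_LEGACY
    if link.key_octets < floor:
        return False, f"key size {link.key_octets} octets below policy floor of {floor}"
    return True, "ok"


# Constructed sample links: a downgraded 1-octet key, a legacy 7-octet link,
# a full-strength Secure Connections link and an SC link negotiated down to 7 octets.
SAMPLE_LINKS = [
    LinkParams("headset", 1, False, True),
    LinkParams("keyboard", 7, False, True),
    LinkParams("laptop", 16, True, True),
    LinkParams("laptop-downgraded", 7, True, True),
]


def audit(links: list[LinkParams] = SAMPLE_LINKS) -> dict[str, bool]:
    """Map each peer name to the policy decision for its link."""
    return {link.peer: evaluate(link)[0] for link in links}


if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        ok, why = evaluate(link)
        cost = brute_force_seconds(link.key_octets)
        print(f"{link.peer:18} {link.key_octets:2} octets ~{cost:.3g}s {'accept' if ok else 'REJECT'}: {why}")
```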
To aid in understanding and potentially safeguarding against the exploits, the research group has also made their assessment toolkit publicly available on GitHub, which consists of Python scripts and other resources useful for evaluating the risks posed by the BLUFFS attack vectors.