Researchers at Eurecom University in the south of France have discovered Bluetooth vulnerabilities and developed attacks for them. The so-called “BLUFFS” attacks can be used to break into Bluetooth sessions, spoof device identities and carry out man-in-the-middle attacks.
The “BLUFFS” attacks by the Eurecom researchers are serious because they rely on vulnerabilities in the design of Bluetooth itself. Daniele Antonioli, Assistant Professor at Eurecom University, discovered Bluetooth attacks that exploit previously unknown vulnerabilities in the Bluetooth standard. The vulnerabilities concern how the session keys used to encrypt exchanged data are derived.
Vulnerabilities in the Bluetooth architecture
The defects found are not specific to particular hardware or software configurations; they are architectural to Bluetooth itself. The issues are tracked under CVE-2023-24023 and impact Bluetooth Core Specification 4.2 to 5.4.
Given the widespread use of the established wireless communications standard and the versions affected by the exploits, the potential BLUFFS attacks could target billions of devices, including laptops, smartphones and other mobile devices.
This is how the BLUFFS attacks work
The BLUFFS attacks consist of a series of exploits aimed at compromising Bluetooth sessions, undermining the secrecy of both past and future sessions between devices that communicate over Bluetooth. This is achieved by exploiting four flaws in the session key derivation process, two of which are new, to force the derivation of a short, and therefore weak and predictable, session key (SKC). The attacker then recovers the key by brute force, which allows the decryption of past communications as well as the decryption or manipulation of future communications. Executing the attack requires the attacker to be within Bluetooth range of the two targets.
The researchers have developed and shared on GitHub a toolkit that demonstrates the effectiveness of BLUFFS. It includes a Python script to test the attacks, the ARM patches, a parser, and the PCAP samples captured during their testing. The BLUFFS vulnerabilities affect Bluetooth 4.2, released in December 2014, and all versions up to the latest version, Bluetooth 5.4, released in February 2023.
More on Github.io