Bluetooth devices could soon face a whole new level of security threats

Researchers have found a way to wiggle their way between two endpoints communicating via Bluetooth, giving them the opportunity to mount device impersonation or man-in-the-middle (MitM) attacks.

The technique was discovered by cybersecurity researchers at Eurecom, who found two flaws that can compromise the secrecy of a Bluetooth session, and six possible attack scenarios, which they dubbed “BLUFFS”.

The flaws are now tracked as CVE-2023-24023, and affect Bluetooth Core Specification from version 4.2 onward. They affect Bluetooth “at a fundamental level”, the publication explains.

Billions of vulnerable devices

The vulnerabilities stem from the way Bluetooth derives the session keys used to decrypt the data being exchanged. By interfering with the derivation process, attackers can force Bluetooth to derive a short session key, which can subsequently be brute-forced. That allows the attackers to eavesdrop on any communication between the two endpoints.

The challenge here is that the attacker needs to be within Bluetooth range of the two targets in order to pull the attack off. That being said, there are six different attacks that can be mounted by abusing the flaw, including different MitM attacks, the researchers said. They also developed a toolkit to demonstrate just how effective BLUFFS are, and shared it on GitHub.

Finally, the researchers came up with a couple of modifications to the Bluetooth standard that would tackle BLUFFS and similar threats, including an enhancement to the session key derivation process. The modifications are backward-compatible, they added. The list of mitigations can be found here.

Bluetooth has been around for years and is considered a safe, well-established standard for wireless communication. Therefore, such a vulnerability could be abused to compromise billions of devices around the world, including laptops, smartphones, different internet-connected sensors, and more.

Eurecom tested the flaws on different endpoints and found that all of them were vulnerable to at least three out of six BLUFFS attacks.

Via BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.