New Cyberattack Targets Bluetooth Connections

The new BLUFFS attack preys on a Bluetooth vulnerability, enabling attackers “in the middle” to snoop on communications.

According to Cybernews, BLUFFS, or “Bluetooth Forward and Future Secrecy”, is a term coined by EURECOM researcher Daniele Antonioli to describe six novel Bluetooth attacks. Antonioli explains that they are effective on a large scale, exploiting a broad set of devices such as laptops, smartphones, headsets, and speakers across multiple operating systems.

Researchers from EURECOM released a toolkit that automatically performs the attacks and checks their effectiveness, stating: “We show that our attacks have a critical and large-scale impact on the Bluetooth ecosystem, by evaluating them on seventeen diverse Bluetooth chips from popular hardware and software vendors and supporting the most popular Bluetooth versions.”

The researchers have also reportedly developed and tested an enhanced key derivation function that stops such attacks, and disclosed the findings to the Bluetooth SIG.

The researchers identified that an MITM (man-in-the-middle) attacker can force two paired devices to run an encryption procedure that uses legacy, less secure methods with shorter encryption keys, and can manipulate certain values in that process. When successful, an attacker in proximity can ensure that the same encryption key is used for every session; brute-forcing that short key once is then enough to decrypt all subsequent sessions.

EURECOM researchers are advising vendors to implement solutions that reject service-level connections with weak keys. They also point to their low-cost toolkit as a way to patch Bluetooth firmware, stating: “We hope our fix will soon be added to the standard and implemented by the vendors. Moreover, we recommend to vendors implementation-level mitigations that can be adopted while waiting for an update to the standard.”
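The two conditions the article describes, a downgrade to legacy key derivation with a short key and the same session key turning up session after session, are exactly what an implementation-level check can look for. The following is an added illustration written for this page, not EURECOM's toolkit and not code from any Bluetooth stack: it models a host-side policy that refuses service-level connections negotiated with legacy key derivation or below a minimum key size, and that flags a peer presenting a session key it has already used. The session records, the 16-byte minimum, and the field names are all assumptions of this example; real stacks expose the negotiated key size and Secure Connections flag through their own interfaces.

```python
"""
Added example (not the researchers' toolkit or a vendor's firmware):
a host-side policy check for the BLUFFS mitigations described above.
All session records below are constructed sample data, not captured
Bluetooth traffic.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

# Assumption: require full 128-bit session keys. The threshold is a
# policy choice for this example, not a value taken from the article.
MIN_KEY_SIZE_BYTES = 16


@dataclass
class SessionRecord:
    """What the policy sees once a link is encrypted (hypothetical schema)."""
    peer: str                 # remote device identifier (constructed)
    secure_connections: bool  # False: legacy key derivation was negotiated
    key_size_bytes: int       # negotiated encryption key size in bytes
    session_key: bytes        # session key as reported by the controller


@dataclass
class SessionPolicy:
    min_key_size: int = MIN_KEY_SIZE_BYTES
    # Session keys already observed per peer. A repeat across sessions is the
    # "same key every session" condition the attack tries to create.
    seen_keys: Dict[str, Set[bytes]] = field(default_factory=dict)

    def check(self, rec: SessionRecord) -> Tuple[bool, List[str]]:
        """Return (accepted, findings) for one encrypted session."""
        findings: List[str] = []
        if not rec.secure_connections:
            findings.append("legacy_key_derivation")
        if rec.key_size_bytes < self.min_key_size:
            findings.append(f"weak_key_size:{rec.key_size_bytes}")
        prior = self.seen_keys.setdefault(rec.peer, set())
        if rec.session_key in prior:
            findings.append("session_key_reuse")
        prior.add(rec.session_key)
        # Reject the service-level connection on any finding.
        return (not findings, findings)


# Constructed sample: two healthy sessions, then a downgraded session whose
# short key is reused on the next connection.
KEY_A = bytes(range(16))
KEY_B = bytes(range(16, 32))
KEY_SHORT = bytes(range(7))

SAMPLE_SESSIONS = [
    SessionRecord("headset-A", True, 16, KEY_A),
    SessionRecord("headset-A", True, 16, KEY_B),
    SessionRecord("headset-A", False, 7, KEY_SHORT),
    SessionRecord("headset-A", False, 7, KEY_SHORT),
]


def run_sample() -> List[Tuple[bool, List[str]]]:
    """Evaluate the constructed sessions in order with one policy instance."""
    policy = SessionPolicy()
    return [policy.check(rec) for rec in SAMPLE_SESSIONS]


if __name__ == "__main__":
    for rec, (ok, findings) in zip(SAMPLE_SESSIONS, run_sample()):
        verdict = "accept" if ok else "reject"
        print(f"{rec.peer}: {verdict} {findings}")
```

The reuse check is deliberately independent of the other two: a peer that presents an already-seen key while negotiating Secure Connections with a full-length key is still flagged, since key reuse across sessions is the symptom regardless of how it was achieved.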

In conclusion, there is currently little that users can do to secure their connections, because the vulnerability lies at the protocol level.