Recent research has revealed six novel attacks, collectively termed ‘BLUFFS’ (Bluetooth Forward and Future Secrecy), that compromise the confidentiality of Bluetooth sessions. The attacks, discovered by Daniele Antonioli of EURECOM and tracked as CVE-2023-24023, exploit four weaknesses in the Bluetooth standard’s session key derivation, two of them previously unknown; the flaws concern how the key that encrypts link traffic is derived from the long-term pairing key.
Because these are architectural flaws in the specification rather than bugs in a particular chip or software stack, every implementation of Bluetooth Classic (BR/EDR) versions 4.2 through 5.4 is affected. That covers laptops, smartphones, headphones and other mobile devices, potentially billions of devices worldwide.
BLUFFS is a suite of attacks that break the secrecy of Bluetooth sessions in both directions: forward secrecy (past sessions can be decrypted) and future secrecy (later sessions can be decrypted or manipulated). By abusing four weaknesses in session key derivation, two of them novel, an attacker forces the victim to derive a weak, predictable session key. At the lowest entropy the standard permits, a single byte, the key can be brute-forced in real time, after which the attacker can decrypt recorded traffic and inject or alter future exchanges.
The attack scenario requires the attacker to be within Bluetooth range of two paired devices. The attacker impersonates one of them and negotiates the session key with the other, proposing the lowest allowed key entropy and supplying a constant session key diversifier, the nonce that is supposed to make every session key unique. A victim that accepts both proposals derives the same weak key in every session, so a key recovered once stays valid until the devices re-pair.
The researchers describe six BLUFFS attack variants that combine device impersonation with machine-in-the-middle (MitM) positioning. Notably, the attacks work whether the targeted devices use Secure Connections (SC) or Legacy Secure Connections (LSC).
To demonstrate BLUFFS, the researchers have published a toolkit on GitHub. It includes a Python script for running the attacks, patches for ARM-based Bluetooth controller firmware, parsers, and PCAP samples captured during their experiments.
Although the flaws are present in the specification from version 4.2 up to 5.4 (the current release, adopted in February 2023), the researchers tested devices implementing Bluetooth 4.1 through 5.2. Every tested device, including smartphones, earphones and laptops, was vulnerable to at least three of the six BLUFFS attacks.
As countermeasures, the researchers recommend that implementations reject connections whose negotiated key strength is too low (the Bluetooth SIG’s follow-up statement sets the threshold at 7 octets), enforce ‘Security Mode 4 Level 4’ so that only authenticated 128-bit keys are used, and operate in ‘Secure Connections Only’ mode when pairing.
For users, the effective protection against BLUFFS is a firmware or Bluetooth stack update from the device manufacturer, since the flaw lives in the key-negotiation logic of the controller and host rather than in any one application. Until a patch is available, the attack still requires an adversary in radio range: pair devices only in trusted surroundings, disable Bluetooth when it is not needed, and refuse pairing requests from unknown devices. Bluetooth-aware monitoring tools can flag anomalous pairing or key-negotiation activity, but they do not remove the underlying weakness.
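The following is an added, self-contained Python illustration of the attack scenario described above (low proposed entropy plus a constant diversifier) together with the minimum-key-strength rejection recommended here. It is a toy model, not the Bluetooth key derivation and not the researchers’ toolkit: the session key is assumed to be the first `entropy` bytes of HMAC-SHA256(pairing key, diversifier) zero-padded to 16 bytes (standing in for the specification’s E3/Es or SC key functions), link encryption is assumed to be XOR with an HMAC-derived keystream (standing in for E0 or AES-CCM), and the `L2CAP` known-plaintext header and all function names are constructed for the example.

```python
"""Toy model of a BLUFFS-style session-key downgrade and the recommended policy
check. Added illustration, not the Bluetooth KDF and not the BLUFFS toolkit.
Assumed simplifications (not from the article):
- session key = first `entropy` bytes of HMAC-SHA256(pairing_key, diversifier),
  zero-padded to 16 bytes (stands in for the spec's E3/Es or SC key functions);
- link encryption = XOR with an HMAC-based keystream (stands in for E0/AES-CCM);
- the victim's policy is a single minimum-entropy threshold in bytes.
"""
import hashlib
import hmac
import secrets

KEY_LEN = 16          # Bluetooth session keys are 128 bits
MIN_ENTROPY = 1       # lowest key entropy (in bytes) a peer may propose
SIG_MIN_ENTROPY = 7   # rejection threshold recommended by the Bluetooth SIG after BLUFFS


def derive_session_key(pairing_key: bytes, diversifier: bytes, entropy: int) -> bytes:
    """Toy KDF with entropy reduction: only the first `entropy` bytes are secret."""
    if not MIN_ENTROPY <= entropy <= KEY_LEN:
        raise ValueError("entropy must be between 1 and 16 bytes")
    full = hmac.new(pairing_key, diversifier, hashlib.sha256).digest()[:KEY_LEN]
    return full[:entropy] + bytes(KEY_LEN - entropy)


def _keystream(session_key: bytes, nbytes: int) -> bytes:
    blocks, counter = [], 0
    while sum(len(b) for b in blocks) < nbytes:
        blocks.append(hmac.new(session_key, counter.to_bytes(4, "big"), hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:nbytes]


def xor_crypt(session_key: bytes, data: bytes) -> bytes:
    """Toy stream cipher; encryption and decryption are the same operation."""
    return bytes(a ^ b for a, b in zip(data, _keystream(session_key, len(data))))


def victim_accepts(pairing_key, peer_diversifier, proposed_entropy, plaintext, min_entropy=MIN_ENTROPY):
    """Victim side of key negotiation: returns ciphertext, or None when the
    proposal is rejected by the configured minimum-entropy policy."""
    if proposed_entropy < min_entropy:
        return None
    key = derive_session_key(pairing_key, peer_diversifier, proposed_entropy)
    return xor_crypt(key, plaintext)


def brute_force_key(ciphertext, known_prefix, entropy):
    """Attacker side: the pairing key is never learned, but at `entropy` bytes
    the key space is only 256**entropy candidates (256 for the lowest value)."""
    for i in range(256 ** entropy):
        candidate = i.to_bytes(entropy, "big") + bytes(KEY_LEN - entropy)
        if xor_crypt(candidate, ciphertext[: len(known_prefix)]) == known_prefix:
            return candidate
    return None


def run_bluffs_scenario(min_entropy=MIN_ENTROPY):
    """Two sessions negotiated with a constant diversifier. Returns the plaintext
    of the second session as recovered by the attacker, or None if the victim refused."""
    pairing_key = secrets.token_bytes(KEY_LEN)   # long-term key; the attacker never sees it
    constant_skd = bytes(KEY_LEN)                 # attacker's fixed session key diversifier
    known_header = b"L2CAP"                       # constructed known-plaintext prefix

    # Session 1: attacker proposes 1 byte of entropy and its constant diversifier.
    ct1 = victim_accepts(pairing_key, constant_skd, 1, known_header + b" session-1 data", min_entropy)
    if ct1 is None:
        return None                               # policy held: weak key refused
    key = brute_force_key(ct1, known_header, 1)   # at most 256 trial decryptions

    # Session 2: same diversifier and entropy, so the victim derives the SAME key
    # and the attacker decrypts with no further work (future secrecy is gone).
    ct2 = victim_accepts(pairing_key, constant_skd, 1, known_header + b" session-2 data", min_entropy)
    return xor_crypt(key, ct2)


def fresh_diversifier_changes_key() -> bool:
    """What the constant diversifier defeats: a fresh random diversifier per
    session yields a different key each time, even with full entropy."""
    pk = secrets.token_bytes(KEY_LEN)
    k1 = derive_session_key(pk, secrets.token_bytes(KEY_LEN), KEY_LEN)
    k2 = derive_session_key(pk, secrets.token_bytes(KEY_LEN), KEY_LEN)
    return k1 != k2


if __name__ == "__main__":
    print("default policy   ->", run_bluffs_scenario())
    print("SIG policy (>=7) ->", run_bluffs_scenario(SIG_MIN_ENTROPY))
```

Running the script shows the two outcomes side by side: with the permissive default policy the attacker recovers the second session’s plaintext after at most 256 trial decryptions of the first, and with the 7-octet minimum the victim refuses the negotiation outright, so no weak key is ever derived. The brute force never touches the pairing key, which is the point of the entropy downgrade: the long-term secret stays safe while every session key derived from it is trivially guessable.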