Security News New BLUFFS Bluetooth Attack Methods Can Have Large-Scale Impact: Researcher

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
9,964
EURECOM assistant professor Daniele Antonioli has demonstrated a series of novel attacks targeting Bluetooth sessions’ forward and future secrecy.

By compromising a session key, an attacker can impersonate devices and set up man-in-the-middle (MitM) attacks, effectively breaking the future and forward secrecy guarantees of Bluetooth’s pairing and session establishment security mechanisms.

Called BLUFFS (Bluetooth Forward and Future Secrecy), the attacks exploit two novel vulnerabilities in Bluetooth, impacting the unilateral and repeatable session key derivation. Tested on 17 different Bluetooth chips, the attacks have a large-scale impact on the ecosystem, the academic researcher says.

“As the attacks affect Bluetooth at the architectural level, they are effective regardless of the victim’s hardware and software details,” Antonioli notes in his research paper.

The BLUFFS attacks enable a hacker to brute-force the session encryption key in real time, which can allow them to conduct live injection attacks on traffic between the targeted devices, according to the Bluetooth Special Interest Group (SIG), which assigned CVE-2023-24023 to the issue.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top