silversurfer
EURECOM assistant professor Daniele Antonioli has demonstrated a series of novel attacks targeting Bluetooth sessions’ forward and future secrecy.
By compromising a session key, an attacker can impersonate devices and set up man-in-the-middle (MitM) attacks, effectively breaking the future and forward secrecy guarantees of Bluetooth’s pairing and session establishment security mechanisms.
Called BLUFFS (Bluetooth Forward and Future Secrecy), the attacks exploit two novel vulnerabilities in Bluetooth, impacting the unilateral and repeatable session key derivation. Tested on 17 different Bluetooth chips, the attacks have a large-scale impact on the ecosystem, the academic researcher says.
“As the attacks affect Bluetooth at the architectural level, they are effective regardless of the victim’s hardware and software details,” Antonioli notes in his research paper.
The BLUFFS attacks enable a hacker to brute-force the session encryption key in real time, which can allow them to conduct live injection attacks on traffic between the targeted devices, according to the Bluetooth Special Interest Group (SIG), which assigned CVE-2023-24023 to the issue.