Researchers at Eurecom have recently discovered six new attacks collectively known as BLUFFS that pose a significant threat to the security of Bluetooth sessions. These attacks exploit two previously unknown flaws in the Bluetooth standard, which can lead to device impersonation and man-in-the-middle (MitM) attacks.
Daniele Antonioli, the researcher who uncovered the attacks, explains that BLUFFS takes advantage of architectural flaws in the Bluetooth standard rather than specific hardware or software configurations. This means that the vulnerabilities affect Bluetooth at a fundamental level, making a wide range of devices susceptible to these attacks.
The flaws, which are tracked under the identifier CVE-2023-24023, impact Bluetooth Core Specification versions 4.2 through 5.4. Considering the widespread use of Bluetooth and the affected versions, billions of devices, including laptops, smartphones, and other mobile devices, could potentially be targeted by BLUFFS.
How BLUFFS Works
BLUFFS is a series of exploits against Bluetooth session establishment that aim to break the confidentiality of both past and future sessions between two paired devices (the paper describes them as forward and future secrecy attacks). They chain four flaws in the session key derivation process, two of which are newly discovered, to force the victims to derive a weak and predictable session key; with that key the attacker can decrypt captured past traffic and manipulate future traffic.
The attacker must be within Bluetooth range of two devices that already share a pairing key. Impersonating one of them (the central, which in Legacy Secure Connections unilaterally chooses the inputs to session key derivation), the attacker negotiates a session key with the other device by proposing the lowest key entropy the specification allows, a single byte, and supplying the same session key diversifier every time. A one-byte key has only 256 possible values, so it can be brute-forced from captured traffic, and because the diversifier never changes the same key is re-derived in every session the attacker forces, so one recovered key unlocks all of them.
The researchers have outlined six different types of BLUFFS attacks in their published paper, covering various combinations of impersonation and MitM attacks. These attacks work regardless of whether the victims support Secure Connections (SC) or Legacy Secure Connections (LSC).
To demonstrate the effectiveness of BLUFFS, the researchers have developed a toolkit, which includes a Python script for testing the attacks, ARM patches, a parser, and PCAP samples captured during their tests. This toolkit is available on GitHub.
Impact and Remediation
BLUFFS impacts Bluetooth versions 4.2 through 5.4, which were released between December 2014 and February 2023. The researchers conducted tests on various devices, including smartphones, earphones, and laptops running Bluetooth versions 4.1 through 5.2. All of these devices were found to be susceptible to at least three out of the six BLUFFS attacks.
In their paper, the researchers propose backward-compatible modifications to enhance session key derivation and mitigate BLUFFS and similar threats. These modifications include introducing a new “Key Derivation Function” (KDF) for Legacy Secure Connections (LSC) that involves mutual nonce exchange and verification, using a shared pairing key for the authentication of key diversifiers, enforcing Secure Connections (SC) mode when possible, and maintaining a cache of session key diversifiers to prevent reuse.
The Bluetooth SIG, the organization responsible for the development and licensing of the Bluetooth standard, has received the report from Eurecom and published a statement on its site. It recommends that implementations reject connections with low key strengths (below seven octets), use "Security Mode 4 Level 4" for higher encryption strength, and operate in "Secure Connections Only" mode during pairing.
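To make the downgrade and the proposed checks concrete, here is an added toy model written for this article; it is not the researchers' toolkit and not code from any Bluetooth stack. It replaces the real LSC key derivation and link-layer cipher with HMAC-SHA256 and a SHA-256 keystream, which keeps the only property the attack needs: the session key is a deterministic function of the pairing key and the central-chosen diversifier, shrunk to the negotiated entropy. The `Peripheral` class, the `MIN_KEY_OCTETS` constant, the fixed packet header and the payloads are all constructed for the example. It runs the downgrade described above (constant diversifier, one-octet entropy), brute-forces the key against captured sessions, and then shows two of the checks from the previous two paragraphs, a seven-octet minimum key strength and a cache of seen diversifiers, refusing the same negotiation.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import List, Optional

# Bluetooth SIG guidance quoted above: refuse key strengths below 7 octets.
# (Constant name is ours, not from the specification.)
MIN_KEY_OCTETS = 7


def derive_session_key(pairing_key: bytes, diversifier: bytes, entropy_octets: int) -> bytes:
    """Stand-in for LSC session key derivation (assumption: HMAC-SHA256 truncated
    to the negotiated entropy replaces E3 plus key shortening).  What BLUFFS relies
    on is kept: the key depends only on the long-term pairing key and the
    central-chosen diversifier, and its strength is whatever the central asks for."""
    if not 1 <= entropy_octets <= 16:
        raise ValueError("entropy must be between 1 and 16 octets")
    full = hmac.new(pairing_key, diversifier, hashlib.sha256).digest()
    return full[:entropy_octets]


def keystream(session_key: bytes, length: int) -> bytes:
    """Toy stream cipher: SHA-256 in counter mode (the real link layer uses E0
    or AES-CCM; only the dependence on the session key matters here)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(session_key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def xor_crypt(session_key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt (symmetric XOR with the keystream)."""
    return bytes(a ^ b for a, b in zip(data, keystream(session_key, len(data))))


@dataclass
class Peripheral:
    """Responder in session establishment.  The defaults (1-octet minimum, no
    diversifier cache) reproduce the legacy, BLUFFS-susceptible behaviour."""
    pairing_key: bytes
    min_entropy: int = 1
    reject_reused_diversifier: bool = False
    seen_diversifiers: set = field(default_factory=set)

    def accept_session(self, diversifier: bytes, entropy_octets: int) -> bytes:
        if entropy_octets < self.min_entropy:
            raise ValueError(f"key strength {entropy_octets} octets below minimum {self.min_entropy}")
        if self.reject_reused_diversifier and diversifier in self.seen_diversifiers:
            raise ValueError("session key diversifier reused: possible BLUFFS downgrade")
        self.seen_diversifiers.add(diversifier)
        return derive_session_key(self.pairing_key, diversifier, entropy_octets)


# Constructed sample traffic: every packet starts with a fixed header the
# attacker knows, followed by a secret payload.
KNOWN_HEADER = b"\x02\x00\x00\x0c"


def honest_sessions(peripheral: Peripheral, count: int) -> List[bytes]:
    """Legitimate central: fresh random diversifier and full 16-octet entropy per session."""
    return [peripheral.accept_session(os.urandom(16), 16) for _ in range(count)]


def bluffs_sessions(peripheral: Peripheral, payloads: List[bytes]) -> List[bytes]:
    """Attacker impersonating the central: constant diversifier, 1-octet entropy.
    Returns each session's ciphertext as an eavesdropper would capture it."""
    constant_sd = b"\x00" * 16
    captures = []
    for payload in payloads:
        sk = peripheral.accept_session(constant_sd, 1)
        captures.append(xor_crypt(sk, KNOWN_HEADER + payload))
    return captures


def brute_force_session_key(captures: List[bytes]) -> Optional[bytes]:
    """With 1 octet of entropy there are 256 candidates; the known header is the oracle.
    One key must fit every capture because the diversifier never changed."""
    for k in range(256):
        candidate = bytes([k])
        if all(xor_crypt(candidate, ct)[:len(KNOWN_HEADER)] == KNOWN_HEADER for ct in captures):
            return candidate
    return None


def decrypt_all(session_key: bytes, captures: List[bytes]) -> List[bytes]:
    """Recover every payload (past and future sessions alike) with the one recovered key."""
    return [xor_crypt(session_key, ct)[len(KNOWN_HEADER):] for ct in captures]


def hardened_peripheral(pairing_key: bytes) -> Peripheral:
    """Apply the two checks: SIG minimum key strength plus the paper's diversifier cache."""
    return Peripheral(pairing_key, min_entropy=MIN_KEY_OCTETS, reject_reused_diversifier=True)


def session_rejected(peripheral: Peripheral, diversifier: bytes, entropy_octets: int) -> bool:
    """True if the peripheral refuses this negotiation."""
    try:
        peripheral.accept_session(diversifier, entropy_octets)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    pk = os.urandom(16)
    legacy = Peripheral(pk)
    caps = bluffs_sessions(legacy, [b"past session", b"future session"])
    sk = brute_force_session_key(caps)
    print("recovered 1-octet key:", sk.hex(), "payloads:", decrypt_all(sk, caps))
    hard = hardened_peripheral(pk)
    print("hardened rejects downgrade:", session_rejected(hard, b"\x00" * 16, 1))
```

Note that the diversifier cache alone is not enough if the entropy downgrade is still accepted: the attacker would only need a fresh diversifier per session and 256 guesses each time, which is why the example enforces both checks together.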
Device manufacturers should apply the mitigations above in their Bluetooth stacks, and users should install firmware and operating system updates as vendors ship them; a downgrade attack on session key derivation cannot be fixed by user configuration alone.