Bluetooth connections no longer private with new BLUFFS attacks


Bluetooth, a low-power wireless technology connecting our devices, has a new vulnerability to iron out. Attackers in the middle could easily snoop on your communications using a new BLUFFS attack.

Daniele Antonioli, a researcher at the French research center EURECOM, demonstrated six novel attacks, defined as BLUFFS (Bluetooth Forward and Future Secrecy) attacks. They are effective on a large scale, exploiting a broad set of devices, such as laptops, smartphones, headsets, and speakers on multiple operating systems.

Most chip vendors, such as Intel, Broadcom, Apple, Samsung, Qualcomm, and others, can be affected because the attacks target Bluetooth at the architectural level.

ADVERTISEMENT

Man in The Middle (MITM) – a hacker – could exploit vulnerabilities to break Bluetooth session secrecy. Researchers released the toolkit, which could automatically perform and check the effectiveness of the attacks. The toolkit manipulates and monitors Bluetooth session key derivation.

“We show that our attacks have a critical and large-scale impact on the Bluetooth ecosystem, by evaluating them on seventeen diverse Bluetooth chips (eighteen devices) from popular hardware and software vendors and supporting the most popular Bluetooth versions”, the paper reads.

The researchers also developed and tested an enhanced key derivation function, which stops such attacks. They responsibly disclosed the findings to the Bluetooth SIG

Bluetooth SIG acknowledged the work and issued a report that devices supporting Secure Connections pairing and Secure Simple Pairing in Bluetooth Core Specifications 4.2 through 5.4, may be vulnerable to MITM attacks.

“For this attack to be successful, an attacking device needs to be within wireless range of two vulnerable Bluetooth devices initiating an encryption procedure using a link key obtained using BR/EDR Secure Connections pairing procedures,” the statement reads.

The researchers identified that a MITM attacker can force paired devices to establish an encryption procedure using legacy and less secure methods with shorter encryption key and manipulate certain values in this process. When successful, an attacker in proximity may ensure that the same encryption key is used for every session. Brute forcing could be used for decrypting any subsequent sessions.

While posing a security risk, some systems might have measures refusing access to host resources from a “downgraded session.”

“Brute forcing of a 7-octet key is not anticipated to be possible in real-time during a session, however, an attacker able to co-locate with attacked devices may be able to record sufficient private traffic to make an attack on a single session key worthwhile,” Bluetooth SIG said.

ADVERTISEMENT

“If a successful attacker can reduce the encryption key length below 7 octets, the attacker may be able to complete a brute forcing of the encryption key in real-time, permitting live injection attacks on traffic between the affected peers.”

The vendors are advised to implement solutions that reject service-level connections with weak keys.

Researchers from EURECOM themselves provided a low-cost toolkit to pach Bluetooth firmware.

“We hope our fix will soon be added to the standard and implemented by the vendors. Moreover, we recommend to vendors implementation-level mitigations that can be adopted while waiting for an update to the standard,” the paper reads.

There is not much users can do to secure connections as the vulnerability is at the protocol level.