EURECOM assistant professor Daniele Antonioli uncovered a series of attacks, called BLUFFS, that target Bluetooth’s forward and future secrecy during session establishment. These attacks compromise session keys, allowing impersonation and man-in-the-middle intrusions. They exploit vulnerabilities in Bluetooth’s session key derivation and affect a wide array of Bluetooth chips. The attacks enable real-time brute-forcing of session encryption keys, posing risks of live injection attacks. The Bluetooth SIG has identified this as CVE-2023-24023 and confirmed the attacks’ severity. Antonioli released a toolkit for manipulation and monitoring, along with enhanced key derivation to counter the attacks. The vulnerabilities stem from architectural flaws in Bluetooth session establishment that let an attacker reuse weak session keys across different sessions, significantly impacting the Bluetooth ecosystem. The Bluetooth SIG and major tech companies have been notified, with efforts underway to address these issues.
Read more: https://www.securityweek.com/new-bluffs-bluetooth-attacks-have-large-scale-impact-researcher/