Recent reports have revealed a serious security issue with Bluetooth that could allow criminals to impersonate other devices. The issue could affect the latest updates to Bluetooth as well as some older versions.
The attacks were developed by a team at the research institute Eurecom and named "BLUFFS" (Bluetooth Forward and Future Secrecy). The weaknesses appear to affect Bluetooth versions from 4.1 to 5.4; Bleeping Computer reports that cell phones with these versions are vulnerable to at least three of the six types of attacks developed. This means that all phones from the iPhone 6 to the iPhone 15 could be affected by BLUFFS.
BLUFFS is not tied to a particular hardware or software configuration; the flaws are architectural in nature and cannot be easily fixed. The exploit relies on two previously unknown flaws in the method of deriving the session key used to decrypt data.
For BLUFFS to work, the two phones must be within Bluetooth range. Once in range, the attacker can change the secure key used to encrypt the data. The attacker must impersonate one of the devices sharing the data.
Importantly, there is no guarantee that the majority of people will be affected by these flaws. However, there are a few things that can be done to protect devices: first, turn off Bluetooth when not in use. It is also a good idea to only connect with authenticated devices and never with unknown sources.
Bluetooth seems to be working on a solution to this problem and several suggestions have been made: the first is to introduce secure key generation. This is a quick solution and people can be sure that their data is being transmitted to the correct location. However, more information on the proposed fixes will be provided in the future.
Following the discovery of this flaw, the Bluetooth SIG issued an official statement on the issue. In this statement, the Bluetooth SIG acknowledges the existence of the vulnerability and advises that the potential impact can be mitigated by denying access to certain resources or by implementing security measures. For example, implementations can use sufficient key entropy so that an attacker's ability to reuse a session key is limited. In cybersecurity, entropy is the randomness behind the random numbers from which security keys are generated to protect data in storage or in transit. The higher the quality of the random numbers, the better the security.
To address this vulnerability, the Bluetooth SIG strongly recommends that implementations deny service-level connections whose encryption keys are shorter than a certain number of octets (an octet is a unit of digital information consisting of eight bits); the minimum varies from device to device. It also recommends that both devices operate in Secure Connections Only Mode to ensure sufficient key strength.
Secure Connections Mode also helps by tracking whether the link key was established by Bluetooth Basic Rate/Enhanced Data Rate (BR/EDR). This means that known devices that attempt to connect without using a key saved from a previous connection will be flagged. If there is no previously stored key or the key has too few octets, the connection will not be made.
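The acceptance rules described in the last two paragraphs can be written as a small policy check. This is an added illustration, not code from the Bluetooth SIG or from any Bluetooth stack; the class and field names are hypothetical, and the 16-octet minimum and the device addresses are constructed sample values.

```python
from dataclasses import dataclass, field
from enum import Enum


class Verdict(Enum):
    ACCEPT = "accept"
    WEAK_KEY = "reject: encryption key shorter than policy minimum"
    NOT_SECURE_CONNECTIONS = "reject: Secure Connections not negotiated"
    NO_STORED_KEY = "reject: no link key stored for this peer"
    STORED_KEY_NOT_USED = "reject and flag: known peer did not use its stored key"


@dataclass(frozen=True)
class Session:                 # hypothetical summary of one incoming session
    peer: str                  # peer address (constructed values below)
    key_octets: int            # negotiated encryption key size, in octets
    secure_connections: bool   # Secure Connections negotiated for this session
    used_stored_key: bool      # authenticated with the link key saved at pairing


@dataclass
class Policy:
    min_key_octets: int                       # device-specific minimum (assumption)
    sc_only: bool = True                      # Secure Connections Only Mode
    bonded: set = field(default_factory=set)  # peers with a stored link key

    def evaluate(self, s: Session) -> Verdict:
        if s.key_octets < self.min_key_octets:
            return Verdict.WEAK_KEY
        if self.sc_only and not s.secure_connections:
            return Verdict.NOT_SECURE_CONNECTIONS
        if s.peer not in self.bonded:
            return Verdict.NO_STORED_KEY
        if not s.used_stored_key:
            return Verdict.STORED_KEY_NOT_USED
        return Verdict.ACCEPT


# Constructed sample data: one bonded headset and five connection attempts.
POLICY = Policy(min_key_octets=16, bonded={"AA:BB:CC:00:00:01"})
SESSIONS = [
    Session("AA:BB:CC:00:00:01", 16, True, True),    # normal reconnect
    Session("AA:BB:CC:00:00:01", 7, True, True),     # key size negotiated down
    Session("AA:BB:CC:00:00:01", 16, False, True),   # legacy mode requested
    Session("AA:BB:CC:00:00:01", 16, True, False),   # known peer, fresh key
    Session("AA:BB:CC:00:00:02", 16, True, False),   # peer never paired
]

if __name__ == "__main__":
    for s in SESSIONS:
        print(s.peer, s.key_octets, POLICY.evaluate(s).value)
```

Only the first sample session is accepted; each of the others trips exactly one of the checks, in the order the checks are listed.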
At this time, there is no real fix for the above flaws, which exist in the Bluetooth architecture and will not be fixed until the next Bluetooth version is released. In the meantime, however, there is one simple way to protect oneself from attacks that take advantage of these flaws.
For now, if you are really worried about falling victim to a Bluetooth attack, your best bet would be to disable Bluetooth when you are out and about. If you are using the best Bluetooth headphones, this would not be ideal, but for those who are not, this is your best bet at the moment.
But as 9To5Mac points out, this isn't really convenient, so a more practical way to stay safe would be to not send sensitive files, photos, or other data over Bluetooth while in public. For iPhone users, this includes not using AirDrop to send photos and documents containing highly personal information.
How the Bluetooth SIG plans to nip this problem in the bud will become clear when the next major release of Bluetooth is ready for inclusion in upcoming devices.