Millions of Bluetooth devices are at risk! Security researchers have uncovered flaws that have affected the wireless communication standard for almost… ten years.
Bluetooth alert. Eurecom researchers have developed six attacks targeting the standard, from version 4.2 (which dates back to 2014) up to the brand-new version 5.4. Suffice it to say that hundreds of millions of devices could potentially be targeted by these attacks.
Holes in Bluetooth's defenses
Grouped under the banner BLUFFS (for “Bluetooth Forward and Future Secrecy Attacks and Defenses”), this series of attacks exploits four security flaws, including two new ones (CVE-2023-24023) which affect the Bluetooth specification. These attacks make it possible to break the confidentiality of Bluetooth sessions, thus compromising communication exchanges between devices.
Executing BLUFFS assumes that the attacker is within Bluetooth range of both targets exchanging data. The attacker pretends to be one of them in order to negotiate a weak session key with the other. This lets the attacker impersonate the sender to deceive the victim and carry out man-in-the-middle (MITM) attacks to siphon data.
Researchers tested BLUFFS on several types of devices, from wireless headphones to smartphones, computers and even smart speakers. All were vulnerable to at least three of the six attacks.
The Bluetooth Special Interest Group (SIG), which oversees the development of the standard, has received the Eurecom report and will advise manufacturers on solutions to limit risks. On the user side, it is always possible to deactivate Bluetooth to avoid attacks, but this is not particularly practical. You can also avoid sharing sensitive information via Bluetooth in public.
Source: BleepingComputer