A new BLUFFS attack allows attackers to hijack Bluetooth connections

November 29, 2023

Eurecom researchers have developed six new attacks, collectively called “BLUFFS,” that can compromise the confidentiality of Bluetooth sessions by enabling device spoofing and man-in-the-middle (MitM) attacks. Daniele Antonioli, who discovered the attacks, explains that BLUFFS exploits two previously unknown flaws in the Bluetooth standard concerning how the session keys that protect exchanged data are derived.

These flaws are not specific to any hardware or software configuration but are architectural; that is, they affect Bluetooth at a fundamental level.

The issues are tracked as CVE-2023-24023 and affect Bluetooth core specifications 4.2 through 5.4. Given the widespread use of the wireless standard and of the vulnerable versions, BLUFFS works against billions of devices, including laptops, smartphones, and other mobile devices.

How does BLUFFS work?

BLUFFS is a set of exploits targeting Bluetooth that aims to break the forward and future secrecy of Bluetooth sessions, compromising both past and future communications between devices. This is achieved by exploiting four flaws in the session key derivation process, two of which are novel, to force the derivation of a short, and therefore weak and predictable, session key (SK).

The attacker then brute-forces the key, allowing it to decrypt past messages and to decrypt or manipulate future ones.

Attack phases (dl.acm.org)

The attack requires that the attacker be within Bluetooth range of two communicating targets and impersonate one of them to negotiate a weak session key with the other, offering the lowest possible key entropy value and using a fixed session key diversifier.

Session key negotiation while spoofing a legitimate party (dl.acm.org)

The published paper presents six variants of the BLUFFS attack, covering various combinations of impersonation and MitM, that work regardless of whether the victims support Secure Connections (SC) or Legacy Secure Connections (LSC).

The researchers have developed and shared on GitHub a toolkit demonstrating the effectiveness of BLUFFS. It includes a Python script for testing the attacks, ARM patches, a parser, and PCAP samples captured during testing.

Impact and mitigation

BLUFFS affects Bluetooth 4.2, released in December 2014, and all versions up to the latest, Bluetooth 5.4, released in February 2023.

The Eurecom paper presents the results of BLUFFS testing on a variety of devices, including smartphones, headsets and laptops running Bluetooth versions 4.1 to 5.2. All were confirmed to be susceptible to at least three of the six BLUFFS attacks.

BLUFFS has been tested on many devices (dl.acm.org)

The paper also recommends the following backward-compatible changes, which harden session key derivation and reduce the risk from BLUFFS and similar threats:

  • For Legacy Secure Connections (LSC), the researchers propose a new key derivation function (KDF) that incorporates a mutual exchange and one-time verification while adding minimal overhead.
  • Devices must use a shared pairing key to verify each other’s key diversifiers and ensure the legitimacy of session participants.
  • Use Secure Connections (SC) mode whenever possible.
  • Maintain the cache of session key diversifiers to prevent reuse.

The Bluetooth SIG (Special Interest Group), a non-profit organization that oversees the development of the Bluetooth standard and is responsible for licensing the technology, received the Eurecom report and published a statement on its website.

The organization recommends rejecting connections with key strengths below seven octets, using Security Mode 4, Level 4, which provides a higher level of encryption strength, and operating in Secure Connections Only mode when connecting.
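The three defensive measures that the paper's list and the Bluetooth SIG statement have in common are a minimum key entropy, verification of the peer's session key diversifier under the shared pairing key, and a cache that refuses reused diversifiers. The following is an added example (not code from the Eurecom researchers, the Bluetooth SIG, or the BLUFFS toolkit) that models those checks as an acceptance policy for an incoming session proposal. The message fields, the HMAC-SHA256 construction used to authenticate the diversifier, and the sample pairing key are assumptions made for the example; they are not the Bluetooth specification's own formats.

```python
"""
Model of a session-key negotiation policy implementing the defences described
in the article (added example; field names and the MAC construction are
assumptions, not the Bluetooth specification):
  * reject negotiated key entropy below seven octets,
  * require the peer's session key diversifier to be authenticated under the
    shared pairing key,
  * keep a cache of diversifiers so that a value cannot be reused.
"""
import hashlib
import hmac
from dataclasses import dataclass, field

# The Bluetooth SIG statement: reject key strengths below seven octets.
MIN_KEY_OCTETS = 7


@dataclass
class PeerProposal:
    """Assumed shape of what the peer proposes during session setup."""
    entropy_octets: int     # requested session key length in octets (1..16)
    diversifier: bytes      # session key diversifier (nonce) chosen by the peer
    diversifier_tag: bytes  # MAC over the diversifier under the shared pairing key


@dataclass
class SessionPolicy:
    """Acceptance policy run by the device receiving a proposal."""
    pairing_key: bytes
    seen_diversifiers: set = field(default_factory=set)

    def tag_diversifier(self, diversifier: bytes) -> bytes:
        # Assumed construction: HMAC-SHA256 keyed with the long-term pairing key,
        # so only a party holding that key can produce a valid diversifier.
        return hmac.new(self.pairing_key, diversifier, hashlib.sha256).digest()

    def evaluate(self, p: PeerProposal) -> tuple:
        """Return (accepted, reason). Checks run from cheapest to stateful."""
        if p.entropy_octets < MIN_KEY_OCTETS:
            return False, f"rejected: key entropy {p.entropy_octets} octets < {MIN_KEY_OCTETS}"
        expected = self.tag_diversifier(p.diversifier)
        if not hmac.compare_digest(p.diversifier_tag, expected):
            return False, "rejected: diversifier not authenticated by pairing key"
        if p.diversifier in self.seen_diversifiers:
            return False, "rejected: diversifier reused"
        # Only an accepted proposal is recorded; a replay of it is refused later.
        self.seen_diversifiers.add(p.diversifier)
        return True, "accepted"


def run_demo() -> list:
    """Feed four constructed proposals through the policy and collect the verdicts."""
    pairing_key = b"\x11" * 16            # constructed sample key, not a real one
    policy = SessionPolicy(pairing_key)
    fresh = bytes(range(16))              # constructed diversifier value
    other = bytes(range(16, 32))          # a second constructed diversifier

    proposals = [
        # 1. honest peer: full entropy, fresh authenticated diversifier
        PeerProposal(16, fresh, policy.tag_diversifier(fresh)),
        # 2. lowest possible entropy with an otherwise valid diversifier
        PeerProposal(1, other, policy.tag_diversifier(other)),
        # 3. the first diversifier offered again (fixed/reused diversifier)
        PeerProposal(16, fresh, policy.tag_diversifier(fresh)),
        # 4. a diversifier with a tag nobody holding the pairing key produced
        PeerProposal(16, b"\x00" * 16, b"\x00" * 32),
    ]
    return [policy.evaluate(p)[1] for p in proposals]


if __name__ == "__main__":
    for verdict in run_demo():
        print(verdict)
```

The ordering of the checks matters for the stateful one: a proposal is added to the diversifier cache only after it has passed the entropy and authentication checks, so a rejected low-entropy offer cannot poison the cache and block a later legitimate session that happens to use the same nonce.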

Source: Port Altele
