Billions of Bluetooth-connected devices at risk of hacker attacks due to new security flaw

Accordingly, through this security hole, hackers can attack the Bluetooth connection between two devices to steal data, even with the latest devices. Hackers can take advantage of this hole to exploit information on a variety of different devices.

Security expert Daniele Antonioli of the EURECOM Scientific Research Center - the person behind these attacks - emphasized that the BLUFFS security vulnerabilities target architectural flaws rather than specific hardware or software configurations. This means that the security vulnerabilities attack the core of Bluetooth technology, affecting devices using Bluetooth versions from 4.2 released in December 2014 to the latest version 5.4 released in February 2023.

These vulnerabilities relate to how Bluetooth session keys are obtained to decrypt data exchanged between two devices. The researchers demonstrated six BLUFFS attacks, each using different device impersonation or man-in-the-middle attacks. BLUFFS exploits two previously unknown vulnerabilities in the Bluetooth standard related to how session keys are obtained to decrypt data exchanged.

The EURECOM report presented the results of BLUFFS testing on a variety of devices, including smartphones, headsets, and laptops, running Bluetooth versions 4.1 to 5.2. All of them were confirmed to be vulnerable to at least three of the six BLUFFS attacks.

The above methods are effective even if the user's device is equipped with the latest Bluetooth security features, due to the security vulnerability related to the basic architecture of Bluetooth. Therefore, billions of devices from tablets, laptops, smartphones to headphones using Bluetooth are at risk of attack.

However, the BLUFFS vulnerability requires two devices to be within Bluetooth range of each other to work. Once within range, an attacker can change the security key used to encrypt data. They can decrypt or tamper with the data, which requires the attacker to pretend to be one of the devices sharing the data.

Processors manufactured by major brands such as Intel, Broadcom, Apple, Samsung, Qualcomm, and others are vulnerable to the BLUFFS security vulnerability. Researchers have also developed and tested an advanced connection key that can prevent the above attacks.

After receiving a report about the BLUFFS security vulnerability from EURECOM, Bluetooth SIG, a non-profit organization responsible for overseeing the development and licensing of Bluetooth technology, founded by famous electronics manufacturers Ericcson, IBM, Intel, Nokia, Toshiba, Microsoft, Lenovo and Apple, issued a warning and advised users to reject connections that do not meet the key requirements.

This isn't the first time security expert Antonioli has discovered security issues in the Bluetooth standard. Previously, in May 2020, he was the first author of a paper detailing Bluetooth impersonation attacks (or BIAS), security vulnerabilities like BLUFFS that allow attackers to bypass the pairing authentication key to impersonate any Bluetooth device.

Currently, there is nothing Bluetooth users can do to increase their security against the attack risk, even for devices running the latest Bluetooth connection versions. Because the BLUFFS vulnerability is related to the Bluetooth architecture. The only way is for users to limit Bluetooth connections with unfamiliar devices, as well as regularly check for updates to install patches.

For mobile devices, users should regularly update software. More importantly, users should turn off Bluetooth connection when not in use to reduce the risk of being attacked, as well as be cautious with paired devices, do not agree to pair with unknown sources.

Bluetooth SIG is currently working on a fix, and has made a few suggestions. The first is to introduce a new generation of secure keys. This would be a quick fix and allow people to confirm their data is going to the right place. However, more information on proposed fixes is likely to come in the near future.