Billions of Bluetooth-connected devices at risk of hacker attack due to new security flaw

Accordingly, through this security hole, hackers can attack the Bluetooth connection between two devices to steal data, even with the latest devices. Hackers can take advantage of this hole to exploit information on a variety of different devices.

Daniele Antonioli, a security expert at the EURECOM Scientific Research Center who was behind the attacks, stressed that the BLUFFS vulnerabilities target architectural flaws rather than specific hardware or software configurations. This means that the vulnerabilities attack the core of Bluetooth technology, affecting devices running Bluetooth versions ranging from 4.2 released in December 2014 to the latest version 5.4 released in February 2023.

These vulnerabilities relate to how Bluetooth session keys are obtained to decrypt data exchanged between two devices. The researchers demonstrated six BLUFFS attacks, each using different device impersonation or man-in-the-middle attacks. BLUFFS exploits two previously unknown vulnerabilities in the Bluetooth standard related to how session keys are obtained to decrypt data exchanged.

The EURECOM report presented the results of BLUFFS testing on a variety of devices, including smartphones, headsets, and laptops, running Bluetooth versions 4.1 to 5.2. All of them were confirmed to be vulnerable to at least 3 of the 6 BLUFFS attacks.

The above methods are effective even if the user's device is equipped with the latest Bluetooth security features, due to the security vulnerability related to the basic architecture of Bluetooth. Therefore, billions of devices from tablets, laptops, smartphones to headphones using Bluetooth are at risk of attack.

However, the BLUFFS vulnerability requires two devices to be within Bluetooth range of each other to work. Once within range, an attacker can change the security key used to encrypt data. They can decrypt or tamper with the data, which requires the attacker to pretend to be one of the devices sharing the data.

Processors manufactured by major brands such as Intel, Broadcom, Apple, Samsung, Qualcomm, and others are all vulnerable to the BLUFFS vulnerability. Researchers have also developed and tested an enhanced connection key that helps prevent the aforementioned attacks.

After receiving a report about the BLUFFS security vulnerability from EURECOM, Bluetooth SIG, a non-profit organization responsible for overseeing the development and licensing of Bluetooth technology, founded by famous electronics manufacturers Ericcson, IBM, Intel, Nokia, Toshiba, Microsoft, Lenovo and Apple, issued a warning and advised users to reject connections that do not meet the encryption requirements.

This is not the first time security expert Antonioli has discovered security issues in the Bluetooth standard. Previously, in May 2020, he was the first author of a paper detailing Bluetooth impersonation attacks (or BIAS), security vulnerabilities such as BLUFFS that allow attackers to bypass the pairing authentication key to impersonate any Bluetooth device.

Currently, there is nothing Bluetooth users can do to increase their security against the attack, even for devices running the latest versions of Bluetooth connections. Because the BLUFFS vulnerability is related to the Bluetooth architecture. The only way users can do is to limit Bluetooth connections to unfamiliar devices, as well as check for updates regularly to install patches.

For mobile devices, users should regularly update software. More importantly, users should turn off Bluetooth connection when not in use to reduce the risk of being attacked, as well as be cautious about paired devices, do not agree to pair with unknown sources.

The Bluetooth SIG is currently working on a fix, and has made a few suggestions. The first is to introduce a new generation of secure keys. This would be a quick fix and allow people to confirm that their data is going to the right place. However, more information on proposed fixes is likely to come in the near future.