New BLUFFS Attack Lets Attackers Hijack Bluetooth Connections

Cyber Security Threat Summary:
Researchers from Eurecom have developed six next attacks they have collectively named “BLUFFS.” These vulnerabilities can be used for device impersonation and man-in-the-middle (MitM) attacks. BLUFFS exploits two previously unknown flaws in Bluetooth, related to how session keys are derived to decrypt data in exchange. These flaws are not specific to hardware or software configurations but are architectural instead, meaning they affect Bluetooth at a fundamental level. The issues are tracked under the identifier CVE-2023-24023 and impact Bluetooth Core Specification 4.2 through 5.4.

Security Officer Comments:
The researchers warn that the widespread use of Bluetooth means BLUFFS could work against billions of devices, including laptops, smartphones, and other mobile devices. Specifically, the exploits target Bluetooth with the aim of breaking a session’s forward and future secrecy, which compromises the confidentiality of past and future communications between devices. The researchers found four flaws in the session key derivation process, which can force a short, weak, and predictable session key (SKC).

Next, an attacker could use brute force techniques to guess the key, enabling them to decrypt past communications and manipulate future communications.

The paper highlights six examples of BLUFFS attacks, covering various combinations of impersonating and MitM attacks, which will work regardless of whether the victim is using Secure Connections (SC) or Legacy Secure Connections (LSC). Additionally, the researchers have released a Python script for organizations to test the exploits.

Suggested Correction(s):
BLUFFS impacts Bluetooth 4.2, released in December 2014, and all versions up to the latest, Bluetooth 5.4, released in February 2023.

The Eurecom paper presents test results for BLUFFS against various devices, including smartphones, earphones, and laptops, running Bluetooth versions 4.1 through 5.2. All of them were confirmed to be susceptible to at least three out of six BLUFFS attacks.

The paper also proposes the following backward-compatible modifications that would enhance session key derivation and mitigate BLUFFS and similar threats:

  • Introduce a new "Key Derivation Function" (KDF) for Legacy Secure Connections (LSC) that involves mutual nonce exchange and verification, adding minimal overhead.
  • Devices should use a shared pairing key for the mutual authentication of key diversifiers, ensuring the legitimacy of session participants.
  • Enforce Secure Connections (SC) mode where possible.
  • Maintain a cache of session key diversifiers to prevent reuse.
“Bluetooth SIG (Special Interest Group), the non-profit organization that oversees the development of the Bluetooth standard and is responsible for licensing the technology, has received Eurecom's report and published a statement on its site. The organization suggests that implementations reject connections with low key strengths below seven octets, use 'Security Mode 4 Level 4', which ensures a higher encryption strength level, and operate in 'Secure Connections Only' mode when pairing” (Bleeping Computer, 2023).

Link(s): PDF's: