EURECOM researchers have identified two previously unknown vulnerabilities in the Bluetooth standard that impact session key derivation, the process of generating cryptographic keys for secure communication. These vulnerabilities, designated as CVE-2023-24023, affect Bluetooth specification versions 4.2 through 5.4, potentially exposing billions of devices, including smartphones, laptops, and headphones, to security risks.
Exploiting Bluetooth’s Weaknesses
The BLUFFS series of exploits leverages the discovered vulnerabilities to compromise Bluetooth communications. By forcibly setting session keys to weak and predictable values, attackers can brute-force them, enabling decryption of past communications and manipulation of future ones. The attack scenario requires the attacker to be within Bluetooth range of both devices and impersonate one of the parties during session key negotiation.
Mitigating Bluetooth Vulnerabilities
Researchers have proposed mitigation strategies to protect Bluetooth communications while maintaining compatibility with existing vulnerable devices. These include:
-
Enhancing Encryption Settings: Manufacturers should implement stronger encryption algorithms and key sizes to make brute-forcing more difficult.
-
Secure Connections Mode: Adopting the “secure connections only” mode during pairing can restrict communication to devices with robust security measures.
Addressing Bluetooth Security Concerns
The Bluetooth SIG, the organization responsible for the Bluetooth standard, has acknowledged the BLUFFS vulnerabilities and urged manufacturers to enhance security by adopting stronger encryption settings and prioritizing the use of secure connections only mode during pairing, notes NIX Solutions. These measures can help safeguard Bluetooth communications and protect user data from unauthorized access.